# Event Log Monitor

Monitors the Windows Security Event Log for high-value security events including failed logon attempts, account lockouts, privilege escalation, and local group membership changes. Stateful — only alerts on newly observed events since the last run, preventing duplicate alerts across consecutive executions. Runs on a schedule via Syncro RMM.

See [project.md](project.md) for full architecture, monitored event IDs, and deployment details.
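
One way to get the "only newly observed events" behaviour described above is a record-ID bookmark kept between runs. This is an added example, not the project's `event_log_monitor.ps1`; the event ID list, the state-file path and the one-hour first-run window are assumptions.

```powershell
# Added example, not the project's script. Run elevated: the Security log is not
# readable by standard users.
$StateFile = Join-Path $env:ProgramData 'ExampleEventMonitor\last_record_id.txt'  # hypothetical path
# Assumed ID list: 4625 failed logon, 4740 account lockout,
# 4672 special privileges at logon, 4732 member added to a local group.
$EventIds = 4625, 4740, 4672, 4732

# Bookmark = highest EventRecordID already reported by an earlier run (0 = first run).
[long]$bookmark = 0
if (Test-Path $StateFile) { [long]$bookmark = Get-Content -Path $StateFile -TotalCount 1 }

# If the log's newest record is below the bookmark, the saved state is stale: start over.
$newest = Get-WinEvent -LogName Security -MaxEvents 1 -ErrorAction Stop
if ($newest.RecordId -lt $bookmark) { $bookmark = 0 }

# Filter in the query itself: only the chosen IDs, only records past the bookmark.
$idClause = ($EventIds | ForEach-Object { "EventID=$_" }) -join ' or '
$xpath    = "*[System[($idClause) and EventRecordID > $bookmark]]"
if ($bookmark -eq 0) {
    # First run: look back one hour instead of replaying the whole log.
    $xpath = "*[System[($idClause) and TimeCreated[timediff(@SystemTime) <= 3600000]]]"
}

try {
    $events = @(Get-WinEvent -LogName Security -FilterXPath $xpath -Oldest -ErrorAction Stop)
} catch {
    # "No events found" is the normal quiet case; anything else is a real failure.
    if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    $events = @()
}

foreach ($e in $events) {
    # One line per new event; an RMM alert call would replace this output.
    '{0:u} id={1} record={2} {3}' -f $e.TimeCreated, $e.Id, $e.RecordId, ($e.Message -split "`r?`n")[0]
}

# Advance the bookmark only after reporting, so a failed run re-reports instead of skipping.
# -Oldest returns ascending order, so the last element carries the highest record ID.
$highest = if ($events.Count) { $events[-1].RecordId } else { $newest.RecordId }
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
Set-Content -Path $StateFile -Value $highest
```

Because the bookmark lives in a file on the monitored host, anyone able to edit that file can suppress alerts, so its directory should be writable only by the account the scheduled job runs as.
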

## Files

| File | Description |
|---|---|
| `event_log_monitor.ps1` | Main Syncro script — deploy this |
| `project.md` | Architecture, monitored events, deployment guide |