Event Viewer
Functions: Logs
Type: MMC
Toolsets: Builtin
GUI
Logs
Event Viewer
eventvwr.exe DC1.ad.bitsadmin.com
Use cases
Clear the Security event log
Disable certain logs (Right click -> Disable Log)
Identify source IPs from which certain users have logged in to chase after their workstations
Configure the Security log to not overwrite events so it will just stop logging
Comments
Alternatively, use compmgmt.msc or launch the snap-in, right click the root node -> Connect to Another Computer
MITRE ATT&CK
T1070.001
T1562.002
Event Viewer
eventvwr.msc /computer:DC1.ad.bitsadmin.com
Use cases
Clear the Security event log
Disable certain logs (Right click -> Disable Log)
Identify source IPs from which certain users have logged in to chase after their workstations
Configure the Security log to not overwrite events so it will just stop logging
Comments
Alternatively, use compmgmt.msc or launch the snap-in, right click the root node -> Connect to Another Computer
MITRE ATT&CK
T1070.001
T1562.002
Detection
Port: 135/TCP
Updated: 2023-07-01
Contributor: Arris Huijgen (bitsadmin)