Hi guys,
I'm trying to do a search that would return results only for a combination of 2 events. I'm specifically looking for successful logins (EventCode=4624) and want to show results only if the host has had both interactive (Logon_Type=2) and remote (Logon_Type=10) logins. I tried my luck with transaction and dedup, but had no luck. Any suggestions?
Example:
Host 1 Login, Remote
Host 2 Login, Remote
Host 2 Login, Remote
Host 1 Login, Interactive
Host 3 Login, Interactive
Host 4 Login, Remote
Host 4 Login, Interactive
This would ideally just return info on Host 1 and Host 4 because they have both interactive and remote logons, while Host 2 has only remote and Host 3 has only interactive.
Ideally the result would be just a table of hosts and possibly timestamps of the logins.
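One way to express the search described in the post, as an added example that is not part of the original post: count the distinct logon types per host with `eventstats`, keep only hosts that have both, and list each login with its timestamp. `<your_index>` is a placeholder, and `host`, `EventCode` and `Logon_Type` are assumed to be extracted under those names, as in the post.

```spl
index=<your_index> EventCode=4624 (Logon_Type=2 OR Logon_Type=10)
| eventstats dc(Logon_Type) AS logon_type_count BY host
| where logon_type_count=2
| eval logon_kind=case(tonumber(Logon_Type)==2, "Interactive", tonumber(Logon_Type)==10, "Remote")
| sort 0 host _time
| table _time host logon_kind
```

With the sample data from the post, only the events for Host 1 and Host 4 remain, because the base search admits just two logon types and only those hosts have a distinct count of 2.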