Skip to content

Instantly share code, notes, and snippets.

@jkbryan
Created March 9, 2019 22:00
Show Gist options
  • Save jkbryan/6a71bb1ad7d5f1182d608559dceb5809 to your computer and use it in GitHub Desktop.
Save jkbryan/6a71bb1ad7d5f1182d608559dceb5809 to your computer and use it in GitHub Desktop.
Find strings like 'jon' or 'dave' in the exported security event log(s) held in C;\TEMP\logs
SELECT * INTO C:\TEMP\Output\output.csv
FROM C:\TEMP\Logs\*
WHERE TimeWritten > TIMESTAMP ( '2009-01-01 01:00:00', 'yyyy-MM-dd hh:mm:ss' ) AND SourceName = 'Microsoft-Windows-Security-Auditing' AND
( Strings LIKE '%jon%' OR strings LIKE '%dave%')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment