Potentially Suspicious EventLog Recon Activity Using Log Query Utilities (beaa66d6-aa1b-4e3c-80f5-e0145369bfaf)

Detects execution of log query utilities and commands used to search or dump the contents of specific event logs, or to look for specific event IDs. Threat actors use this technique to extract sensitive information from event logs, such as usernames, IP addresses and hostnames.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517) | Attack Pattern | Potentially Suspicious EventLog Recon Activity Using Log Query Utilities (beaa66d6-aa1b-4e3c-80f5-e0145369bfaf) | Sigma-Rules | 1 |