We are currently attaching all our domain PC's to the ATP portal. As part of this work i have been asked to run a report on all Machines showing a specific event log. Here is the following information i need to report on -
within the event "Microsoft-Windows-SENSE%4Operational.evtx" is the event ID number 4
This event ID states a successful communication to the ATP portal, indicating all is well
is it possible to crate a scan against a specific event ID against a specific Event log?
If so how?