Windows Event Forwarding for Network Defense
Palantir Technologies

One other detail…if I remove 4104 events from the subscription, and run the mimikatz script, everything works as expected and the 4103 events appear on the collector.

Like what you read? Give Ralm Rnd a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.