process - what service creates windows security auditing event 4798 in Win 10 - Super User
1104(S) The security log is now full. | Microsoft Learn
Active Directory Enumeration detected by Microsoft Security solutions | by Derk van der Woude | Medium
Lateral Movement
Samir on Twitter: "the cool thing about those 2 newly introducted MS security eventid 4799, 4798 is that they will capture any local group/user discovery attempts even if done via winapis, below
EventList – the Baseline Event Analyzer | miriamxyra