Log Sentinel Security Report

Host: MSI | Generated: 2026-05-13 11:48:46 UTC | Window: last 24h

Overview

Critical: 3 | High: 6 | Medium: 5 | Low: 1 | Info: 0

Events analysed: 21 (Security: 18 | System: 2 | Windows PowerShell: 1)

Where is my report? This browser report is the easy-to-read version. A PDF copy named demo_report.pdf is saved in the same folder. Use Search Help if you do not know what a feature or alert means.

Findings (15)

#1 Critical IOC match: mimikatz.exe (Credential dumper) 2026-05-13 10:28:46 UTC

Process 'mimikatz.exe' matched threat-intel database. Type: process Description: Credential dumper

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:28:46 | Security | 4688 | hacker | Demo EventID 4688

#2 Critical New service installed: 'WindowsUpdateHelper' 2026-05-13 10:18:46 UTC

Service 'WindowsUpdateHelper' installed from suspicious path: c:\users\public\svc.exe at 10:18:46.

Related events (1):
Time     | Channel | ID   | User   | Detail
10:18:46 | System  | 7045 | SYSTEM | Demo EventID 7045

#3 Critical Security audit log cleared 2026-05-13 10:08:46 UTC

The audit log was cleared by 'hacker' at 2026-05-13 10:08:46. This is a strong indicator of an attacker covering tracks.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:08:46 | Security | 1102 | hacker | Demo EventID 1102

#4 High Sensitive privileges granted to 'hacker' 2026-05-13 10:43:46 UTC

User 'hacker' was granted: SeDebugPrivilege, SeImpersonatePrivilege, SeTcbPrivilege at 10:43:46.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:43:46 | Security | 4672 | hacker | Demo EventID 4672

#5 High Suspicious process: mimikatz 2026-05-13 10:28:46 UTC

Process 'c:\temp\mimikatz.exe' launched by 'hacker' with args: mimikatz.exe sekurlsa::logonpasswords

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:28:46 | Security | 4688 | hacker | Demo EventID 4688

#6 High Suspicious PowerShell script block detected 2026-05-13 10:23:46 UTC

PowerShell script contains: -enc. Snippet: powershell -enc sqbfafgaiaaoae4azqb3ac0atwbiagoazqbjahqaiaboaguadaauafcazqbiaemababpaguabgb0acaalqbdag8abgbuaguaywb0afqaaqbtaguabwb1ahqaiaaxadaakqauagqabwb3ag4ababvageazabtahqacgbpag4azwaoaccaaab0ahqacaa=

Related events (1):
Time     | Channel            | ID   | User   | Detail
10:23:46 | Windows PowerShell | 4104 | hacker | Demo EventID 4104

#7 High User added to privileged group 'Administrators' 2026-05-13 10:14:46 UTC

'backdoor_user' was added to group 'Administrators' by 'hacker'.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:14:46 | Security | 4732 | hacker | Demo EventID 4732

#8 High Brute-force login attempt on account 'Administrator' 2026-05-13 09:48:46 UTC

6 failed logins for 'Administrator' within 5 minutes (first: 09:48:46).

Related events (6):
Time     | Channel  | ID   | User          | Detail
09:48:46 | Security | 4625 | Administrator | Demo EventID 4625
09:49:46 | Security | 4625 | Administrator | Demo EventID 4625
09:50:46 | Security | 4625 | Administrator | Demo EventID 4625
09:51:46 | Security | 4625 | Administrator | Demo EventID 4625
09:52:46 | Security | 4625 | Administrator | Demo EventID 4625
... and 1 more event

#9 High Brute-force from IP 185.220.101.45 2026-05-13 09:48:46 UTC

6 failed logins from 185.220.101.45 in 5 min.

Related events (6):
Time     | Channel  | ID   | User          | Detail
09:48:46 | Security | 4625 | Administrator | Demo EventID 4625
09:49:46 | Security | 4625 | Administrator | Demo EventID 4625
09:50:46 | Security | 4625 | Administrator | Demo EventID 4625
09:51:46 | Security | 4625 | Administrator | Demo EventID 4625
09:52:46 | Security | 4625 | Administrator | Demo EventID 4625
... and 1 more event

#10 Medium Account locked out: 'bob_smith' 2026-05-13 10:58:46 UTC

Account 'bob_smith' was locked out (triggered from WORKSTATION-07). May indicate a brute-force attempt.

Related events (1):
Time     | Channel  | ID   | User      | Detail
10:58:46 | Security | 4740 | bob_smith | Demo EventID 4740

#11 Medium Firewall rule added: 'Allow_Backdoor_4444' 2026-05-13 10:38:46 UTC

Firewall rule 'Allow_Backdoor_4444' was added at 10:38:46. Unexpected changes may indicate an attacker disabling defenses.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:38:46 | Security | 4946 | hacker | Demo EventID 4946

#12 Medium Scheduled task created: '\Microsoft\Windows\SystemUpdateCheck' 2026-05-13 10:33:46 UTC

Task '\Microsoft\Windows\SystemUpdateCheck' was created by 'hacker' at 10:33:46. Scheduled tasks are a common persistence technique.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:33:46 | Security | 4698 | hacker | Demo EventID 4698

#13 Medium New local user account created: 'backdoor_user' 2026-05-13 10:13:46 UTC

Account 'backdoor_user' was created by 'hacker' at 2026-05-13 10:13:46.

Related events (1):
Time     | Channel  | ID   | User   | Detail
10:13:46 | Security | 4720 | hacker | Demo EventID 4720

#14 Medium Unexpected system shutdown detected 2026-05-13 08:28:46 UTC

System experienced an unexpected shutdown at 2026-05-13 08:28:46. Could be hardware failure, crash, or forced power-off.

Related events (1):
Time     | Channel | ID   | User   | Detail
08:28:46 | System  | 6008 | SYSTEM | Demo EventID 6008

#15 Low Off-hours logon: 'contractor_bob' 2026-05-13 03:15:00 UTC

User 'contractor_bob' logged in at 03:15 UTC (outside 06:00–22:00 UTC).

Related events (1):
Time     | Channel  | ID   | User           | Detail
03:15:00 | Security | 4624 | contractor_bob | Off-hours logon demo

Generated by Log Sentinel. Keep this report private because it may contain usernames, hostnames, process names, and security details.