Mutiny can track the system event logs and generate events when those logs contain events that match the criteria set out in a config file.
The agent is run by the Mutiny PowerShell Scheduler: https://www.mutiny.com/mutiny-support/powershell-scheduler/
Download the agent files from the ShellStore: https://www.mutiny.com/mutiny-support/shellstore/
First, install the Mutiny PowerShell Scheduler: https://mutiny.freshdesk.com/a/solutions/articles/5000524545
Place the files in the following locations:
MutPsA_EventLog.ps1 >>> C:\Program Files\Mutiny\Agents\ (agent file)
MutPsA_EventLog.json >>> C:\Program Files\Mutiny\AgentResults\ (agent configuration file)
Edit your JSON configuration file to list the logs and event IDs you want to track.
A good resource for security event log IDs is Randy Franklin Smith's Ultimate Windows Security.
Save your changes.
Now add your agent to the PowerShell scheduler.
Select [Run Now], then check the AgentResults folder to confirm the file has been written.
The agent is now running and you can now add the agent to your node in Mutiny.
Enter the agent name (the first field in the agent results file).
The agent will be added.
Wait one polling cycle and it should update to the current status.
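
A check for the file placement, configuration edit and [Run Now] steps above, given as an added example that is not part of the Mutiny agent or its documentation. It uses the paths from this page; the 10-minute window and the idea that any newly written file in AgentResults counts as the result are assumptions, since the page does not name the results file.

```powershell
# Added example: post-install check for the Mutiny event log agent.
# Paths and file names are the ones given in the steps above.
$agentScript = 'C:\Program Files\Mutiny\Agents\MutPsA_EventLog.ps1'
$agentConfig = 'C:\Program Files\Mutiny\AgentResults\MutPsA_EventLog.json'
$resultsDir  = Split-Path -Parent $agentConfig
$maxAgeMin   = 10   # assumption: [Run Now] was selected within the last 10 minutes

$problems = @()

# 1. Both files must be where the scheduler expects them.
foreach ($path in $agentScript, $agentConfig) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $problems += "Missing file: $path"
    }
}

# 2. A hand-edited JSON file is easy to break (trailing comma, missing quote).
#    Parse it so a syntax error is caught here rather than at the next run.
if (Test-Path -LiteralPath $agentConfig -PathType Leaf) {
    try {
        Get-Content -LiteralPath $agentConfig -Raw |
            ConvertFrom-Json -ErrorAction Stop | Out-Null
    } catch {
        $problems += "Config is not valid JSON: $($_.Exception.Message)"
    }
}

# 3. After [Run Now], a file other than the config should have been written recently.
$cutoff = (Get-Date).AddMinutes(-$maxAgeMin)
$recent = @()
if (Test-Path -LiteralPath $resultsDir -PathType Container) {
    $recent = @(Get-ChildItem -LiteralPath $resultsDir -File |
        Where-Object { $_.FullName -ne $agentConfig -and $_.LastWriteTime -ge $cutoff })
}
if ($recent.Count -eq 0) {
    $problems += "No file in $resultsDir written in the last $maxAgeMin minutes"
}

# Report: warnings and a non-zero exit on failure, otherwise the fresh files.
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
$recent | Select-Object Name, LastWriteTime, Length
```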