Query Details
Stopped Services
Query
//Stopped services SecurityEvent | where EventID == 7045 | where EventData contains "stopped" | project TimeGenerated, Computer, EventData
Explanation
This query is looking for security events where a service has been stopped. It selects the time the event occurred, the computer where it happened, and the details of the event.
Details
Rod Trent
Released: July 10, 2023
Tables
SecurityEvent
Keywords
SecurityEvent,EventID,EventData,TimeGenerated,Computer
Operators
| where==containsproject