Splunk is a great tool to monitor and review many different kinds of log files. In some cases it can occur that you want to be alerted of specific types of events, but only for occurrences of the events that are not defined in an exceptions whitelist. For example: you may want to be alerted of all logons to your server by users who are not IT employees. While it is possible to enumerate all exceptions in the search query, this article shows how this can be done by storing all exceptions in a CSV-file. 

A list of tools which are available on any Windows operating system.

General

• date /t: shows the current date
• time /t: shows the current time

Windows memory

• mem /P: Displays status of programs currently loaded in memory.
• mem /D: Displays status of programs, internal drivers, and other information.
• mem /C: Classifies programs by memory usage. Lists the size of programs, provides a summary of memory in use, and lists largest memory block available.

When many events logs are being generated, the possibility exists that events are being overwritten to quickly, which causes that important information would be lost. Increasing the maximum size of the Windows Event Logs might help to store events longer on each computer.

How to find SUID files.