4.5.11 Evaluate Windows Log Files [better] Link

: For advanced users or lab environments, use the Get-Eventlog command. For example, Get-Eventlog -logname * provides a list of all active logs on a machine. 2. The Big Three: Essential Log Categories

Specific attention must be paid to the Security log for the following Event IDs: 4.5.11 evaluate windows log files