here's a great new table that allows you to directly query the Windows Event Log. https://github.com/osquery/osquery/pull/6563 Since we already have a

windows_events

table that collects events in real time, what should this on-demand table be called? Perhaps

windows_eventlog

or

windows_eventslog

? Other ideas or preference?

windows_eventlog

sounds good to me. This is a great addition, thank you @Akshay Kumar (I think?)

Thanks @zwass for the suggestion. 🙂

+1 for "windows_eventlog"