This project contains event log parsers for the Windows events created by RPCFirewall: https://github.com/zeronetworks/rpcfirewall

Go check out RPCFirewall first. Once you have RPC events flowing into your Windows event logs and forwarding to a SIEM, use these parsers to make the events easier to query and to write threat detections against.