User Logoff Event

Detects a user log-off activity. Could be used for example to correlate information during forensic investigations

MITRE ATT&CK coverage

Tactic	Techniques
Impact	`T1531` Account Access Removal

Provider	Event ID	Title
Security-Auditing	4634	An account was logged off.
Security-Auditing	4647	User initiated logoff.