Use case in DQL



How do I apply logic for a user-based correlation use case to identify a series of activities performed by any user:

User logs into a server/device -> performs some configurational changes -> clears the audit logs -> user logs out of the server/device

Windows login + configuration changes + audit logs cleared + logout
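
The ordered chain described above, sketched as an added Python example (not part of the original post and not DQL) so the correlation logic itself is explicit before it is translated into a query. It assumes events are already normalized to timestamp, host, user and event ID, and the mapping of Windows Security event IDs to the four stages is an assumption chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of Windows Security event IDs to the four stages in the post.
STAGE_BY_EVENT_ID = {
    4624: "login",          # successful logon
    4719: "config_change",  # audit policy changed (one example of a config change)
    1102: "log_cleared",    # security audit log cleared
    4634: "logout",         # account logged off
    4647: "logout",         # user-initiated logoff
}
ORDER = ["login", "config_change", "log_cleared", "logout"]

SAMPLE = [  # constructed sample events: (timestamp, host, user, event_id)
    ("2024-01-10T09:00:00", "srv01", "alice", 4624),
    ("2024-01-10T09:01:00", "srv01", "bob", 4624),
    ("2024-01-10T09:05:00", "srv01", "alice", 4719),
    ("2024-01-10T09:07:00", "srv01", "alice", 1102),
    ("2024-01-10T09:10:00", "srv01", "alice", 4634),
    ("2024-01-10T09:20:00", "srv01", "bob", 4719),
    ("2024-01-10T09:30:00", "srv01", "bob", 4634),    # bob never cleared the log
    ("2024-01-10T10:00:00", "srv02", "carol", 1102),  # cleared before the logon
    ("2024-01-10T10:05:00", "srv02", "carol", 4624),
    ("2024-01-10T10:06:00", "srv02", "carol", 4719),
    ("2024-01-10T10:10:00", "srv02", "carol", 4647),
]

def find_sequences(events, window=timedelta(hours=1)):
    """Return (user, host, start, end) for each complete in-order chain."""
    grouped = defaultdict(list)
    for ts, host, user, event_id in events:
        stage = STAGE_BY_EVENT_ID.get(event_id)
        if stage:
            grouped[(user, host)].append((datetime.fromisoformat(ts), stage))
    hits = []
    for (user, host), rows in grouped.items():
        step, start = 0, None              # step = index of the next expected stage
        for ts, stage in sorted(rows):
            if stage == "login":           # a new logon restarts the chain
                step, start = 1, ts
            elif step and stage == ORDER[step]:
                step += 1
                if step == len(ORDER):     # logout reached with all stages seen
                    if ts - start <= window:
                        hits.append((user, host, start, ts))
                    step, start = 0, None
            elif stage == "logout":        # logged out before finishing the chain
                step, start = 0, None
    return hits
```

On the constructed sample only alice on srv01 matches; bob is missing the log-clear stage and carol's log clear happens before her logon, so neither completes the chain in order.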