Use case in DQL

question

#1

How to apply a logic to identify a user based correlation use case to identify a series of activities performed by any user:

eg:
User logs into a server/device-------->performs some configurational changes--------->clears the audit logs-------->user logs out of the server/device

Windows login + configuration changes + audit logs cleared + logout