Windows event log service restart events in the past hour?

Hi All,

What would be the most efficient way to write an analysis that returns all services (by display name) that have been restarted in the past hour? If digging down to get the actual service names is too costly, would it be possible to just get a catch all style true/false result for any windows services stop and/or restarted in the past hour?

The best thing I can think of would be to enumerate through the running services
https://developer.bigfix.com/relevance/reference/service.html#all-running-service-service

get the pid of each service
https://developer.bigfix.com/relevance/reference/service.html#pid-of-service-integer

then get the start time of the process
https://developer.bigfix.com/relevance/reference/process.html#start-time-of-process-time

and compare that against now - 1 hour etc