Step1 – Export event details to a txt file
You can use the wevtutil command to export the specified event ID log into a file.
The following command exports event ID 4648 or 4729 from Security event to a Security_Event.txt file.
wevtutil qe security /rd:true /f:text /c:1 /q:"*[System[Provider[@Name='Microsoft-Windows-SecurityAuditing'] and (EventID=4648 or EventID=4729)]]" >C:\Security_Event.txt
Setp2 – Email Alert
The second step is to email this file as an attachment. You can use the following procedure to generate an email alert: (Attach Task To This Event)
wevtutil Command Reference: