Windows log filter for finding interactive logon events

InteractiveLogons.xml

<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      Event[
        System[EventID=4624]
      ]
      [
        EventData[
          Data[@Name='LogonType']
          and (Data=2 or Data=7 or Data=10 or Data=11)
        ]
      ]
    </Select>
  </Query>
</QueryList>