field,category,platform,type,channel,provider,data_needed,enrichment,enrichment requirements
EventID,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
Hostname,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
Computer,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
ProcessID,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
ServiceName,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
ImagePath,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
ServiceFileName,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
ServiceType,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
StartType,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
AccountName,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
UserSid,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
OpCorrelationID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
AppCorrelationID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
DSName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
DSType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
ObjectDN,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
ObjectGUID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
ObjectClass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
AttributeLDAPDisplayName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
AttributeSyntaxOID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
AttributeValue,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
OperationType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
Protocol,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
Initiated,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
SourceIsIpv6,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
SourceIp,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
SourceHostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
SourcePort,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
SourcePortName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
DestinationIsIpv6,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
DestinationIp,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
DestinationHostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
DestinationPort,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
DestinationPortName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
ObjectServer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
ObjectType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
ObjectName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
OperationType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
HandleId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
AccessList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
AccessMask,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
Properties,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
AdditionalInfo,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
AdditionalInfo2,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,,
EventID,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,,
Computer,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,,
Hostname,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
TargetFilename,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
CreationUtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
ObjectType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
IpAddress,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
IpPort,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
ShareName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
ShareLocalPath,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
RelativeTargetName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
AccessMask,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
AccessList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
AccessReason,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
AccountName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
LogonType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
LogonProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
AuthenticationPackageName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
WorkstationName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
LogonGuid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TransmittedServices,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
LmPackageName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
KeyLength,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
ProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
ProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
IpAddress,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
IpPort,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
ImpersonationLevel,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
RestrictedAdminMode,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetOutboundUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetOutboundDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
VirtualAccount,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
TargetLinkedLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
ElevatedToken,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
ImageLoaded,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Hashes,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Sha256hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Md5hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Signed,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
Signature,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
SignatureStatus,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
NewProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
NewProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
TokenElevationType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
ProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
ProcessPid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
TargetUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
TargetUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
TargetDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
TargetLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
ParentProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
MandatoryLabel,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
ProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
Image,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
TargetFilename,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
CreationUtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
Hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
Workstation,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
Status,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,,
EventID,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
Hostname,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
Computer,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
HiveNameLength,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
HiveName,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
KeysUpdated,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
DirtyPages,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
SourceProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
SourceProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
SourceImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
TargetProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
TargetProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
TargetImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
NewThreadId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
StartAddress,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
StartModule,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
StartFunction,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
Namespace,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
ESS,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
PossibleCause,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
CreatorSID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
EventNamespace,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
Query,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
QueryLanguage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
EventFilter,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Operation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Name,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Type,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
Destination,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
RuleName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
NamespaceName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
Query,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
ProcessID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
Provider,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
queryid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
PossibleCause,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
CorrelationActivityID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
ServiceName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
ServiceFileName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
ServiceType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
ServiceStartType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
ServiceAccount,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
Operation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
RuleName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
Filter,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,,
State,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
ObjectType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
IpAddress,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
IpPort,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
ShareName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
ShareLocalPath,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
AccessMask,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
AccessList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,,
EventID,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,,
Hostname,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,,
Computer,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
Device,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
TargetObject,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
Details,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
SourceProcessGUID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
SourceProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
SourceThreadId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
SourceImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
TargetProcessGUID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
TargetProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
TargetImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
GrantedAccess,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
CallTrace,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
ContextInfo,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
UserData,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
Payload,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,,
EventID,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
Computer,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
Hostname,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
SubjectUserName,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
SubjectDomainName,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
Channel,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
TargetUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
TargetDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
TargetSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
PrivilegeList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SamAccountName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
DisplayName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
UserPrincipalName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
HomeDirectory,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
HomePath,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
ScriptPath,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
ProfilePath,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
UserWorkstations,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
PasswordLastSet,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
AccountExpires,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
PrimaryGroupId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
AllowedToDelegateTo,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
OldUacValue,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
NewUacValue,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
UserAccountControl,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
UserParameters,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
SidHistory,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
LogonHours,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
TargetFilename,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
CreationUtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
PreviousCreationUtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
ImageLoaded,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Hashes,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Signed,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
Signature,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
SignatureStatus,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
TargetObject,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,,
EventID,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,,
Computer,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,,
Hostname,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,,
param1,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,,
param2,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
Operation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
EventNamespace,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
Name,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
Query,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
RuleName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
Computer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
ObjectServer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
ObjectType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
ObjectName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
HandleId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
TransactionId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
AccessList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
AccessMask,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
PrivilegeList,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
Properties,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
RestrictedSidCount,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
ProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
ProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,,
TaskName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,,
UserContext,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
MessageNumber,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
MessageTotal,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
ScriptBlockText,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
ScriptBlockId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
Path,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Username,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ProcessName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
LogonGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
LogonId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
TerminalSessionid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Hashes,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Imphash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Sha256hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Sha1hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Md5hash,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ParentProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ParentProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ParentProcessName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
ParentCommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
PipeName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
EventType,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
TargetObject,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
NewName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,,
EventID,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
Computer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
Hostname,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
UtcTime,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
ProcessGuid,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
ProcessId,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
PipeName,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
Image,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,,
EventID,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
Hostname,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
SubjectUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
SubjectUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
SubjectDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
SubjectLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
NewProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ProcessId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
NewProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
NewProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
Image,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
TokenElevationType,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
CommandLine,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ProcessCommandLine,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ProcesssCommandLine,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
TargetUserSid,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
TargetUserName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
TargetDomainName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
TargetLogonId,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ParentProcessName,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
ParentImage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
MandatoryLabel,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,,
Hostname,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Signature,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
AlertTitle,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Category,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Severity,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Sha1,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
FileName,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
FilePath,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
IpAddress,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
UserName,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
UserDomain,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
FileHash,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Hashes,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Imphash,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Sha256hash,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Sha1hash,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
Md5hash,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,,
event_data.ParentIntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentUser,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentOfParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
ParentIntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
ParentUser,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
ParentOfParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,EN_0002_enrich_sysmon_event_id_1_with_parent_info,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
event_data.ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
IntegrityLevel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
User,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
CommandLine,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info
ParentImage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,EN_0003_enrich_other_sysmon_events_with_event_id_1_data,EN_0001_cache_sysmon_event_id_1_info