atomic-threat-coverage/pivoting.csv at 5bdd548da55a705aef1c964ba8a9bcf3857875df

mirror of https://github.com/valitydev/atomic-threat-coverage.git synced 2024-11-06 17:45:23 +00:00

yugoslavskiy 2ace74ddd7 rebuided md db with ned DN

2019-02-13 20:27:19 +01:00

101 KiB

Raw Blame History

1	field	category	platform	type	channel	provider	data_needed	enrichment	enrichment requirements
2	EventID	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
3	Hostname	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
4	Computer	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
5	ProcessID	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
6	ServiceName	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
7	ImagePath	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
8	ServiceFileName	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
9	ServiceType	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
10	StartType	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
11	AccountName	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
12	UserSid	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0005_7045_windows_service_insatalled
13	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
14	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
15	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
16	OpCorrelationID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
17	AppCorrelationID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
18	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
19	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
20	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
21	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
22	DSName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
23	DSType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
24	ObjectDN	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
25	ObjectGUID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
26	ObjectClass	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
27	AttributeLDAPDisplayName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
28	AttributeSyntaxOID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
29	AttributeValue	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
30	OperationType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0026_5136_windows_directory_service_object_was_modified
31	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
32	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
33	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
34	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
35	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
36	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
37	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
38	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
39	Protocol	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
40	Initiated	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
41	SourceIsIpv6	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
42	SourceIp	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
43	SourceHostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
44	SourcePort	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
45	SourcePortName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
46	DestinationIsIpv6	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
47	DestinationIp	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
48	DestinationHostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
49	DestinationPort	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
50	DestinationPortName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection
51	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
52	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
53	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
54	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
55	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
56	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
57	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated
58	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
59	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
60	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
61	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
62	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
63	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
64	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
65	ObjectServer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
66	ObjectType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
67	ObjectName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
68	OperationType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
69	HandleId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
70	AccessList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
71	AccessMask	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
72	Properties	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
73	AdditionalInfo	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
74	AdditionalInfo2	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0030_4662_operation_was_performed_on_an_object
75	EventID	OS Logs	Windows	Applications and Services Logs	Windows PowerShell	PowerShell	DN_0038_400_windows_powershell_engine_lifecycle
76	Computer	OS Logs	Windows	Applications and Services Logs	Windows PowerShell	PowerShell	DN_0038_400_windows_powershell_engine_lifecycle
77	Hostname	OS Logs	Windows	Applications and Services Logs	Windows PowerShell	PowerShell	DN_0038_400_windows_powershell_engine_lifecycle
78	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
79	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
80	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
81	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
82	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
83	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
84	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
85	TargetFilename	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
86	CreationUtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate
87	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
88	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
89	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
90	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
91	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
92	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
93	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
94	ObjectType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
95	IpAddress	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
96	IpPort	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
97	ShareName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
98	ShareLocalPath	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
99	RelativeTargetName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
100	AccessMask	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
101	AccessList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
102	AccessReason	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0032_5145_network_share_object_was_accessed_detailed
103	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
104	AccountName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
105	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
106	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
107	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
108	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
109	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
110	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
111	TargetUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
112	TargetUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
113	TargetDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
114	TargetLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
115	LogonType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
116	LogonProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
117	AuthenticationPackageName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
118	WorkstationName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
119	LogonGuid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
120	TransmittedServices	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
121	LmPackageName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
122	KeyLength	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
123	ProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
124	ProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
125	IpAddress	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
126	IpPort	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
127	ImpersonationLevel	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
128	RestrictedAdminMode	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
129	TargetOutboundUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
130	TargetOutboundDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
131	VirtualAccount	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
132	TargetLinkedLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
133	ElevatedToken	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0004_4624_windows_account_logon
134	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
135	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
136	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
137	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
138	ImageLoaded	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
139	Hashes	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
140	Sha256hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
141	Md5hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
142	Signed	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
143	Signature	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
144	SignatureStatus	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0010_6_windows_sysmon_driver_loaded
145	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
146	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
147	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
148	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
149	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
150	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
151	NewProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
152	NewProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
153	TokenElevationType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
154	ProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
155	ProcessPid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
156	TargetUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
157	TargetUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
158	TargetDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
159	TargetLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
160	ParentProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
161	MandatoryLabel	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
162	ProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
163	Image	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0001_4688_windows_process_creation
164	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
165	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
166	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
167	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
168	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
169	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
170	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
171	TargetFilename	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
172	CreationUtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
173	Hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash
174	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
175	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
176	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
177	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
178	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
179	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
180	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
181	Workstation	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
182	Status	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0028_4794_directory_services_restore_mode_admin_password_set
183	EventID	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
184	Hostname	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
185	Computer	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
186	HiveNameLength	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
187	HiveName	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
188	KeysUpdated	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
189	DirtyPages	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Kernel-General	DN_0083_16_access_history_in_hive_was_cleared
190	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
191	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
192	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
193	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
194	SourceProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
195	SourceProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
196	SourceImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
197	TargetProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
198	TargetProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
199	TargetImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
200	NewThreadId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
201	StartAddress	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
202	StartModule	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
203	StartFunction	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0012_8_windows_sysmon_CreateRemoteThread
204	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
205	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
206	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
207	Namespace	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
208	ESS	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
209	Consumer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
210	PossibleCause	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
211	CreatorSID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
212	EventNamespace	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
213	Query	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
214	QueryLanguage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
215	EventFilter	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0081_5861_wmi_activity
216	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
217	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
218	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
219	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
220	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
221	Operation	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
222	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
223	Name	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
224	Type	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
225	Destination	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
226	RuleName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0023_20_windows_sysmon_WmiEvent
227	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
228	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
229	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
230	NamespaceName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
231	Query	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
232	ProcessID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
233	Provider	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
234	queryid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
235	PossibleCause	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
236	CorrelationActivityID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-WMI-Activity/Operational	Microsoft-Windows-WMI-Activity	DN_0080_5859_wmi_activity
237	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
238	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
239	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
240	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
241	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
242	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
243	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
244	ServiceName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
245	ServiceFileName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
246	ServiceType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
247	ServiceStartType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
248	ServiceAccount	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0063_4697_service_was_installed_in_the_system
249	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
250	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
251	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
252	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
253	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
254	Operation	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
255	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
256	Consumer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
257	RuleName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
258	Filter	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0024_21_windows_sysmon_WmiEvent
259	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0008_4_windows_sysmon_sysmon_service_state_changed
260	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0008_4_windows_sysmon_sysmon_service_state_changed
261	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0008_4_windows_sysmon_sysmon_service_state_changed
262	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0008_4_windows_sysmon_sysmon_service_state_changed
263	State	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0008_4_windows_sysmon_sysmon_service_state_changed
264	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
265	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
266	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
267	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
268	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
269	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
270	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
271	ObjectType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
272	IpAddress	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
273	IpPort	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
274	ShareName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
275	ShareLocalPath	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
276	AccessMask	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
277	AccessList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0033_5140_network_share_object_was_accessed
278	EventID	OS Logs	Windows	Applications and Services Logs	DNS Server	Microsoft-Windows-DNS-Server-Service	DN_0036_150_dns_server_could_not_load_dll
279	Hostname	OS Logs	Windows	Applications and Services Logs	DNS Server	Microsoft-Windows-DNS-Server-Service	DN_0036_150_dns_server_could_not_load_dll
280	Computer	OS Logs	Windows	Applications and Services Logs	DNS Server	Microsoft-Windows-DNS-Server-Service	DN_0036_150_dns_server_could_not_load_dll
281	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
282	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
283	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
284	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
285	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
286	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
287	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
288	Device	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead
289	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
290	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
291	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
292	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
293	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
294	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
295	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
296	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
297	TargetObject	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
298	Details	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent
299	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
300	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
301	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
302	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
303	SourceProcessGUID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
304	SourceProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
305	SourceThreadId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
306	SourceImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
307	TargetProcessGUID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
308	TargetProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
309	TargetImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
310	GrantedAccess	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
311	CallTrace	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0014_10_windows_sysmon_ProcessAccess
312	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
313	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
314	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
315	ContextInfo	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
316	UserData	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
317	Payload	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0037_4103_windows_powershell_executing_pipeline
318	EventID	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
319	Computer	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
320	Hostname	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
321	SubjectUserName	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
322	SubjectDomainName	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
323	Channel	OS Logs	Windows	Windows Log	System	Microsoft-Windows-Eventlog	DN_0034_104_log_file_was_cleared
324	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
325	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
326	TargetUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
327	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
328	TargetDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
329	TargetSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
330	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
331	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
332	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
333	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
334	PrivilegeList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
335	SamAccountName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
336	DisplayName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
337	UserPrincipalName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
338	HomeDirectory	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
339	HomePath	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
340	ScriptPath	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
341	ProfilePath	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
342	UserWorkstations	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
343	PasswordLastSet	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
344	AccountExpires	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
345	PrimaryGroupId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
346	AllowedToDelegateTo	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
347	OldUacValue	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
348	NewUacValue	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
349	UserAccountControl	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
350	UserParameters	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
351	SidHistory	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
352	LogonHours	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0027_4738_user_account_was_changed
353	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
354	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
355	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
356	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
357	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
358	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
359	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
360	TargetFilename	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
361	CreationUtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
362	PreviousCreationUtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time
363	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
364	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
365	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
366	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
367	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
368	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
369	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
370	ImageLoaded	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
371	Hashes	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
372	Signed	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
373	Signature	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
374	SignatureStatus	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded
375	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
376	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
377	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
378	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
379	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
380	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
381	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
382	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
383	TargetObject	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent
384	EventID	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0031_7036_service_started_stopped
385	Computer	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0031_7036_service_started_stopped
386	Hostname	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0031_7036_service_started_stopped
387	param1	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0031_7036_service_started_stopped
388	param2	OS Logs	Windows	Windows Log	System	Service Control Manager	DN_0031_7036_service_started_stopped
389	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
390	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
391	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
392	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
393	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
394	Operation	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
395	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
396	EventNamespace	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
397	Name	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
398	Query	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
399	RuleName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0022_19_windows_sysmon_WmiEvent
400	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
401	Computer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
402	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
403	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
404	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
405	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
406	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
407	ObjectServer	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
408	ObjectType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
409	ObjectName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
410	HandleId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
411	TransactionId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
412	AccessList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
413	AccessMask	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
414	PrivilegeList	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
415	Properties	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
416	RestrictedSidCount	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
417	ProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
418	ProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0029_4661_handle_to_an_object_was_requested
419	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-TaskScheduler/Operational	Microsoft-Windows-TaskScheduler	DN_0035_106_task_scheduler_task_registered
420	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-TaskScheduler/Operational	Microsoft-Windows-TaskScheduler	DN_0035_106_task_scheduler_task_registered
421	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-TaskScheduler/Operational	Microsoft-Windows-TaskScheduler	DN_0035_106_task_scheduler_task_registered
422	TaskName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-TaskScheduler/Operational	Microsoft-Windows-TaskScheduler	DN_0035_106_task_scheduler_task_registered
423	UserContext	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-TaskScheduler/Operational	Microsoft-Windows-TaskScheduler	DN_0035_106_task_scheduler_task_registered
424	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
425	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
426	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
427	MessageNumber	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
428	MessageTotal	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
429	ScriptBlockText	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
430	ScriptBlockId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
431	Path	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-PowerShell/Operational	Microsoft-Windows-PowerShell	DN_0036_4104_windows_powershell_script_block
432	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
433	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
434	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
435	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
436	Username	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
437	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
438	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
439	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
440	ProcessName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
441	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
442	LogonGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
443	LogonId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
444	TerminalSessionid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
445	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
446	Hashes	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
447	Imphash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
448	Sha256hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
449	Sha1hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
450	Md5hash	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
451	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
452	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
453	ParentProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
454	ParentProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
455	ParentProcessName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
456	ParentCommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation
457	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
458	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
459	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
460	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
461	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
462	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
463	PipeName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
464	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent
465	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
466	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
467	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
468	EventType	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
469	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
470	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
471	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
472	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
473	TargetObject	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
474	NewName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent
475	EventID	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
476	Computer	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
477	Hostname	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
478	UtcTime	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
479	ProcessGuid	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
480	ProcessId	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
481	PipeName	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
482	Image	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent
483	EventID	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
484	Hostname	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
485	SubjectUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
486	SubjectUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
487	SubjectDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
488	SubjectLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
489	NewProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
490	ProcessId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
491	NewProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
492	ProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
493	NewProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
494	Image	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
495	TokenElevationType	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
496	CommandLine	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
497	ProcessCommandLine	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
498	ProcesssCommandLine	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
499	TargetUserSid	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
500	TargetUserName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
501	TargetDomainName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
502	TargetLogonId	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
503	ParentProcessName	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
504	ParentImage	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
505	MandatoryLabel	OS Logs	Windows	Windows Log	Security	Microsoft-Windows-Security-Auditing	DN_0002_4688_windows_process_creation_with_commandline
506	Hostname	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
507	Signature	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
508	AlertTitle	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
509	Category	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
510	Severity	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
511	Sha1	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
512	FileName	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
513	FilePath	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
514	IpAddress	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
515	UserName	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
516	UserDomain	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
517	FileHash	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
518	Hashes	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
519	Imphash	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
520	Sha256hash	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
521	Sha1hash	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
522	Md5hash	AV Alerts	antivirus	None	None	None	DN_0084_av_alert
523	event_data.ParentIntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
524	event_data.ParentUser	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
525	event_data.ParentOfParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
526	ParentIntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
527	ParentUser	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
528	ParentOfParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0003_1_windows_sysmon_process_creation	EN_0002_enrich_sysmon_event_id_1_with_parent_info	EN_0001_cache_sysmon_event_id_1_info
529	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
530	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
531	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
532	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
533	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
534	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
535	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
536	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0007_3_windows_sysmon_network_connection	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
537	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
538	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
539	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
540	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
541	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
542	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
543	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
544	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0009_5_windows_sysmon_process_terminated	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
545	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
546	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
547	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
548	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
549	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
550	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
551	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
552	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0015_11_windows_sysmon_FileCreate	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
553	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
554	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
555	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
556	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
557	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
558	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
559	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
560	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0019_15_windows_sysmon_FileCreateStreamHash	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
561	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
562	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
563	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
564	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
565	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
566	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
567	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
568	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0013_9_windows_sysmon_RawAccessRead	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
569	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
570	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
571	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
572	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
573	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
574	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
575	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
576	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0017_13_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
577	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
578	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
579	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
580	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
581	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
582	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
583	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
584	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0006_2_windows_sysmon_process_changed_a_file_creation_time	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
585	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
586	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
587	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
588	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
589	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
590	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
591	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
592	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0011_7_windows_sysmon_image_loaded	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
593	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
594	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
595	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
596	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
597	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
598	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
599	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
600	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0016_12_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
601	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
602	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
603	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
604	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
605	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
606	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
607	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
608	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0021_18_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
609	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
610	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
611	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
612	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
613	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
614	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
615	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
616	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0018_14_windows_sysmon_RegistryEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
617	event_data.IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
618	event_data.User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
619	event_data.CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
620	event_data.ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
621	IntegrityLevel	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
622	User	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
623	CommandLine	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info
624	ParentImage	OS Logs	Windows	Applications and Services Logs	Microsoft-Windows-Sysmon/Operational	Microsoft-Windows-Sysmon	DN_0020_17_windows_sysmon_PipeEvent	EN_0003_enrich_other_sysmon_events_with_event_id_1_data	EN_0001_cache_sysmon_event_id_1_info

101 KiB Raw Blame History

101 KiB

Raw Blame History