diff --git a/config/eid_subcategory_mapping.csv b/config/eid_subcategory_mapping.csv
new file mode 100644
index 00000000..0c47c4d0
--- /dev/null
+++ b/config/eid_subcategory_mapping.csv
@@ -0,0 +1,431 @@
+"Event ID","Category","Subcategory","GUID"
+"",System",,"69979848-797A-11D9-BED3-505054503030"
+"4608",System","Security State Change","0CCE9210-69AE-11D9-BED3-505054503030"
+"4616",System","Security State Change","0CCE9210-69AE-11D9-BED3-505054503030"
+"4621",System","Security State Change","0CCE9210-69AE-11D9-BED3-505054503030"
+"4610",System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
+"4611",System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
+"4614",System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
+"4622",System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
+"4697",System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
+"4612",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"4615",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"4618",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"4816",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5038",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5056",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5057",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5060",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5061",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"5062",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"6281",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"6410",System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
+"4960",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"4961",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"4962",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"4963",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"4965",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5478",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5479",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5480",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5483",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5484",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5485",System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
+"5024",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5025",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5027",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5028",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5029",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5030",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5032",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5033",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5034",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5035",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5037",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5058",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"5059",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6400",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6401",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6402",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6403",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6405",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6406",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6407",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6408",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"6409",System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
+"4608",Logon/Logoff",,"69979849-797A-11D9-BED3-505054503030"
+"4616",Logon/Logoff",,"69979849-797A-11D9-BED3-505054503030"
+"4621",Logon/Logoff",,"69979849-797A-11D9-BED3-505054503030"
+"4624",Logon/Logoff","Logon","0CCE9215-69AE-11D9-BED3-505054503030"
+"4625",Logon/Logoff","Logon","0CCE9215-69AE-11D9-BED3-505054503030"
+"4648",Logon/Logoff","Logon","0CCE9215-69AE-11D9-BED3-505054503030"
+"4675",Logon/Logoff","Logon","0CCE9215-69AE-11D9-BED3-505054503030"
+"4634",Logon/Logoff","Logoff","0CCE9216-69AE-11D9-BED3-505054503030"
+"4647",Logon/Logoff","Logoff","0CCE9216-69AE-11D9-BED3-505054503030"
+"4625",Logon/Logoff","Account Lockout","0CCE9217-69AE-11D9-BED3-505054503030"
+"4646",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4650",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4651",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4652",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4653",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4655",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4976",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"5049",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"5453",Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
+"4977",Logon/Logoff","IPsec Quick Mode","0CCE9219-69AE-11D9-BED3-505054503030"
+"5451",Logon/Logoff","IPsec Quick Mode","0CCE9219-69AE-11D9-BED3-505054503030"
+"5452",Logon/Logoff","IPsec Quick Mode","0CCE9219-69AE-11D9-BED3-505054503030"
+"4978",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4979",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4980",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4981",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4982",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4983",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4984",Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
+"4672",Logon/Logoff","Special Logon","0CCE921B-69AE-11D9-BED3-505054503030"
+"4964",Logon/Logoff","Special Logon","0CCE921B-69AE-11D9-BED3-505054503030"
+"4649",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4778",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4779",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4800",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4801",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4802",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"4803",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"5378",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"5632",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"5633",Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
+"6272",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6273",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6274",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6275",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6276",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6277",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6278",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6279",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"6280",Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
+"4626",Logon/Logoff","User / Device Claims","0CCE9247-69AE-11D9-BED3-505054503030"
+"4627",Logon/Logoff","Group Membership","0CCE9249-69AE-11D9-BED3-505054503030"
+"",Object Access",,"6997984A-797A-11D9-BED3-505054503030"
+"4656",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4658",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4660",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4663",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4664",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4985",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"5051",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4670",Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
+"4663",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4656",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4658",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4660",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4657",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"5039",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4670",Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
+"4656",Object Access","Kernel Object","0CCE921F-69AE-11D9-BED3-505054503030"
+"4658",Object Access","Kernel Object","0CCE921F-69AE-11D9-BED3-505054503030"
+"4660",Object Access","Kernel Object","0CCE921F-69AE-11D9-BED3-505054503030"
+"4663",Object Access","Kernel Object","0CCE921F-69AE-11D9-BED3-505054503030"
+"4661",Object Access","SAM","0CCE9220-69AE-11D9-BED3-505054503030"
+"4868",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4869",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4870",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4871",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4872",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4873",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4874",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4875",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4876",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4877",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4878",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4879",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4880",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4881",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4882",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4883",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4884",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4885",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4886",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4887",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4888",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4889",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4890",Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4891,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4892,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4893,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4894,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4895,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4896,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4897,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4898,Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
+"4665",Object Access","Application Generated","0CCE9222-69AE-11D9-BED3-505054503030"
+"4666",Object Access","Application Generated","0CCE9222-69AE-11D9-BED3-505054503030"
+"4667",Object Access","Application Generated","0CCE9222-69AE-11D9-BED3-505054503030"
+"4668",Object Access","Application Generated","0CCE9222-69AE-11D9-BED3-505054503030"
+"4658",Object Access","Handle Manipulation","0CCE9223-69AE-11D9-BED3-505054503030"
+"4690",Object Access","Handle Manipulation","0CCE9223-69AE-11D9-BED3-505054503030"
+"4658",Object Access","Handle Manipulation","0CCE9223-69AE-11D9-BED3-505054503030"
+"5140",Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
+"5142",Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
+"5143",Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
+"5144",Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
+"5168",Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
+"5152",Object Access","Filtering Platform Packet Drop","0CCE9225-69AE-11D9-BED3-505054503030"
+"5153",Object Access","Filtering Platform Packet Drop","0CCE9225-69AE-11D9-BED3-505054503030"
+"4671",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4691",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"5148",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"5149",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4698",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4699",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4700",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4701",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4702",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"5888",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"5889",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"5890",Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
+"4671",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4691",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5148",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5149",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4698",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4699",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4700",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4701",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"4702",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5888",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5889",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5890",Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
+"5145",Object Access","Detailed File Share","0CCE9244-69AE-11D9-BED3-505054503030"
+"4656",Object Access","Removable Storage","0CCE9245-69AE-11D9-BED3-505054503030"
+"4658",Object Access","Removable Storage","0CCE9245-69AE-11D9-BED3-505054503030"
+"4663",Object Access","Removable Storage","0CCE9245-69AE-11D9-BED3-505054503030"
+"",Object Access","Central Policy Staging","0CCE9246-69AE-11D9-BED3-505054503030"
+"",Privilege Use",,"6997984B-797A-11D9-BED3-505054503030"
+"4673",Privilege Use","Sensitive Privilege Use","0CCE9228-69AE-11D9-BED3-505054503030"
+"4574",Privilege Use","Sensitive Privilege Use","0CCE9228-69AE-11D9-BED3-505054503030"
+"4985",Privilege Use","Sensitive Privilege Use","0CCE9228-69AE-11D9-BED3-505054503030"
+"4673",Privilege Use","Non Sensitive Privilege Use","0CCE9229-69AE-11D9-BED3-505054503030"
+"4674",Privilege Use","Non Sensitive Privilege Use","0CCE9229-69AE-11D9-BED3-505054503030"
+"4985",Privilege Use","Non Sensitive Privilege Use","0CCE9229-69AE-11D9-BED3-505054503030"
+"4985",Privilege Use","Other Privilege Use Events","0CCE922A-69AE-11D9-BED3-505054503030"
+"",Detailed Tracking",,"6997984C-797A-11D9-BED3-505054503030"
+"4688",Detailed Tracking","Process Creation","0CCE922B-69AE-11D9-BED3-505054503030"
+"4696",Detailed Tracking","Process Creation","0CCE922B-69AE-11D9-BED3-505054503030"
+"4689",Detailed Tracking","Process Termination","0CCE922C-69AE-11D9-BED3-505054503030"
+"4692",Detailed Tracking","DPAPI Activity","0CCE922D-69AE-11D9-BED3-505054503030"
+"4693",Detailed Tracking","DPAPI Activity","0CCE922D-69AE-11D9-BED3-505054503030"
+"4694",Detailed Tracking","DPAPI Activity","0CCE922D-69AE-11D9-BED3-505054503030"
+"4695",Detailed Tracking","DPAPI Activity","0CCE922D-69AE-11D9-BED3-505054503030"
+"5712",Detailed Tracking","RPC Events","0CCE922E-69AE-11D9-BED3-505054503030"
+"6416",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6419",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6420",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6421",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6422",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6423",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"6424",Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
+"4703",Detailed Tracking","Token Right Adjusted Events","0CCE924A-69AE-11D9-BED3-505054503030"
+"",Policy Change",,"6997984D-797A-11D9-BED3-505054503030"
+"4902",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4907",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4904",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4905",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4715",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4719",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4817",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4902",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4906",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4907",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4908",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4912",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4904",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4905",Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
+"4670",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4706",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4707",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4716",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4713",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4717",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4718",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4739",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4864",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4865",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4866",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4867",Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
+"4703",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4704",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4705",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4670",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4911",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4913",Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
+"4944",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4945",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4946",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4947",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4948",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4949",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4950",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4951",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4952",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4953",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4954",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4956",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4957",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4958",Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
+"4709",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"4710",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"4711",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"4712",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5040",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5041",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5042",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5043",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5044",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5045",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5046",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5047",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5048",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5440",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5441",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5442",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5443",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5444",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5446",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5448",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5449",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5450",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5456",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5457",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5458",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5459",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5460",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5461",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5462",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5463",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5464",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5465",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5466",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5467",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5468",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5471",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5472",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5473",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5474",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"5477",Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
+"4714",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"4819",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"4826",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"4909",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"4910",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5063",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5064",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5065",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5066",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5067",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5068",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5069",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5070",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"5447",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"6144",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"6145",Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
+"",Account Management",,"6997984E-797A-11D9-BED3-505054503030"
+"4720",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4722",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4723",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4724",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4725",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4726",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4738",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4740",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4765",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4766",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4767",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4780",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4781",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4794",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4798",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"5376",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"5377",Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
+"4741",Account Management","Computer Account Management","0CCE9236-69AE-11D9-BED3-505054503030"
+"4742",Account Management","Computer Account Management","0CCE9236-69AE-11D9-BED3-505054503030"
+"4743",Account Management","Computer Account Management","0CCE9236-69AE-11D9-BED3-505054503030"
+"4731",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4732",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4733",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4734",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4735",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4764",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4799",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4727",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4737",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4728",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4729",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4730",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4754",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4755",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4756",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4757",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4758",Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
+"4749",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4750",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4751",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4752",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4753",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4759",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4760",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4761",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4762",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4763",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4744",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4745",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4746",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4747",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4748",Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
+"4783",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4784",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4785",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4786",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4787",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4788",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4789",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4790",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4791",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4792",Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
+"4782",Account Management","Other Account Management Events","0CCE923A-69AE-11D9-BED3-505054503030"
+"4793",Account Management","Other Account Management Events","0CCE923A-69AE-11D9-BED3-505054503030"
+"",DS Access",,"6997984F-797A-11D9-BED3-505054503030"
+"4662",DS Access","Directory Service Access","0CCE923B-69AE-11D9-BED3-505054503030"
+"4661",DS Access","Directory Service Access","0CCE923B-69AE-11D9-BED3-505054503030"
+"4928",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4929",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4930",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4931",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4934",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4935",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4936",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4937",DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
+"4928",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4929",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4930",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4931",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4934",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4935",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4936",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4937",DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
+"4928",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4929",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4930",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4931",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4934",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4935",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4936",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"4937",DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
+"",Account Logon",,"69979850-797A-11D9-BED3-505054503030"
+"",Account Logon","Credential Validation","0CCE923F-69AE-11D9-BED3-505054503030"
+"4769",Account Logon","Kerberos Service Ticket Operations","0CCE9240-69AE-11D9-BED3-505054503030"
+"4770",Account Logon","Kerberos Service Ticket Operations","0CCE9240-69AE-11D9-BED3-505054503030"
+"4773",Account Logon","Kerberos Service Ticket Operations","0CCE9240-69AE-11D9-BED3-505054503030"
+"",Account Logon","Other Account Logon Events","0CCE9241-69AE-11D9-BED3-505054503030"
+"4768",Account Logon","Kerberos Authentication Service","0CCE9242-69AE-11D9-BED3-505054503030"
+"4771",Account Logon","Kerberos Authentication Service","0CCE9242-69AE-11D9-BED3-505054503030"
+"4772",Account Logon","Kerberos Authentication Service","0CCE9242-69AE-11D9-BED3-505054503030"
\ No newline at end of file