mirror of
https://github.com/Yamato-Security/WELA.git
synced 2025-12-06 17:22:50 +01:00
Automated update
This commit is contained in:
github-actions[bot]
69
config/eid_subcategory_mapping-org.csv
Normal file
69
config/eid_subcategory_mapping-org.csv
Normal file
@@ -0,0 +1,69 @@
|
||||
"Category","Subcategory","GUID"
|
||||
"System","","69979848-797A-11D9-BED3-505054503030"
|
||||
"System","Security State Change","0CCE9210-69AE-11D9-BED3-505054503030"
|
||||
"System","Security System Extension","0CCE9211-69AE-11D9-BED3-505054503030"
|
||||
"System","System Integrity","0CCE9212-69AE-11D9-BED3-505054503030"
|
||||
"System","IPsec Driver","0CCE9213-69AE-11D9-BED3-505054503030"
|
||||
"System","Other System Events","0CCE9214-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","","69979849-797A-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Logon","0CCE9215-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Logoff","0CCE9216-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Account Lockout","0CCE9217-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","IPsec Main Mode","0CCE9218-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","IPsec Quick Mode","0CCE9219-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","IPsec Extended Mode","0CCE921A-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Special Logon","0CCE921B-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Other Logon/Logoff Events","0CCE921C-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Network Policy Server","0CCE9243-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","User / Device Claims","0CCE9247-69AE-11D9-BED3-505054503030"
|
||||
"Logon/Logoff","Group Membership","0CCE9249-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","","6997984A-797A-11D9-BED3-505054503030"
|
||||
"Object Access","File System","0CCE921D-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Registry","0CCE921E-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Kernel Object","0CCE921F-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","SAM","0CCE9220-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Certification Services","0CCE9221-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Application Generated","0CCE9222-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Handle Manipulation","0CCE9223-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","File Share","0CCE9224-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Filtering Platform Packet Drop","0CCE9225-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Filtering Platform Connection","0CCE9226-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Other Object Access Events","0CCE9227-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Detailed File Share","0CCE9244-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Removable Storage","0CCE9245-69AE-11D9-BED3-505054503030"
|
||||
"Object Access","Central Policy Staging","0CCE9246-69AE-11D9-BED3-505054503030"
|
||||
"Privilege Use","","6997984B-797A-11D9-BED3-505054503030"
|
||||
"Privilege Use","Sensitive Privilege Use","0CCE9228-69AE-11D9-BED3-505054503030"
|
||||
"Privilege Use","Non Sensitive Privilege Use","0CCE9229-69AE-11D9-BED3-505054503030"
|
||||
"Privilege Use","Other Privilege Use Events","0CCE922A-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","","6997984C-797A-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","Process Creation","0CCE922B-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","Process Termination","0CCE922C-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","DPAPI Activity","0CCE922D-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","RPC Events","0CCE922E-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","Plug and Play Events","0CCE9248-69AE-11D9-BED3-505054503030"
|
||||
"Detailed Tracking","Token Right Adjusted Events","0CCE924A-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","","6997984D-797A-11D9-BED3-505054503030"
|
||||
"Policy Change","Audit Policy Change","0CCE922F-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","Authentication Policy Change","0CCE9230-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","Authorization Policy Change","0CCE9231-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","MPSSVC Rule-Level Policy Change","0CCE9232-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","Filtering Platform Policy Change","0CCE9233-69AE-11D9-BED3-505054503030"
|
||||
"Policy Change","Other Policy Change Events","0CCE9234-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","","6997984E-797A-11D9-BED3-505054503030"
|
||||
"Account Management","User Account Management","0CCE9235-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","Computer Account Management","0CCE9236-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","Security Group Management","0CCE9237-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","Distribution Group Management","0CCE9238-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","Application Group Management","0CCE9239-69AE-11D9-BED3-505054503030"
|
||||
"Account Management","Other Account Management Events","0CCE923A-69AE-11D9-BED3-505054503030"
|
||||
"DS Access","","6997984F-797A-11D9-BED3-505054503030"
|
||||
"DS Access","Directory Service Access","0CCE923B-69AE-11D9-BED3-505054503030"
|
||||
"DS Access","Directory Service Changes","0CCE923C-69AE-11D9-BED3-505054503030"
|
||||
"DS Access","Directory Service Replication","0CCE923D-69AE-11D9-BED3-505054503030"
|
||||
"DS Access","Detailed Directory Service Replication","0CCE923E-69AE-11D9-BED3-505054503030"
|
||||
"Account Logon","","69979850-797A-11D9-BED3-505054503030"
|
||||
"Account Logon","Credential Validation","0CCE923F-69AE-11D9-BED3-505054503030"
|
||||
"Account Logon","Kerberos Service Ticket Operations","0CCE9240-69AE-11D9-BED3-505054503030"
|
||||
"Account Logon","Other Account Logon Events","0CCE9241-69AE-11D9-BED3-505054503030"
|
||||
"Account Logon","Kerberos Authentication Service","0CCE9242-69AE-11D9-BED3-505054503030"
|
||||
|
Reference in New Issue
Block a user