mirror of
https://github.com/Yamato-Security/WELA.git
synced 2025-12-15 21:52:51 +01:00
5.1 KiB
5.1 KiB
| 1 | Category | Subcategory | GUID |
|---|---|---|---|
| 2 | System | 69979848-797A-11D9-BED3-505054503030 | |
| 3 | System | Security State Change | 0CCE9210-69AE-11D9-BED3-505054503030 |
| 4 | System | Security System Extension | 0CCE9211-69AE-11D9-BED3-505054503030 |
| 5 | System | System Integrity | 0CCE9212-69AE-11D9-BED3-505054503030 |
| 6 | System | IPsec Driver | 0CCE9213-69AE-11D9-BED3-505054503030 |
| 7 | System | Other System Events | 0CCE9214-69AE-11D9-BED3-505054503030 |
| 8 | Logon/Logoff | 69979849-797A-11D9-BED3-505054503030 | |
| 9 | Logon/Logoff | Logon | 0CCE9215-69AE-11D9-BED3-505054503030 |
| 10 | Logon/Logoff | Logoff | 0CCE9216-69AE-11D9-BED3-505054503030 |
| 11 | Logon/Logoff | Account Lockout | 0CCE9217-69AE-11D9-BED3-505054503030 |
| 12 | Logon/Logoff | IPsec Main Mode | 0CCE9218-69AE-11D9-BED3-505054503030 |
| 13 | Logon/Logoff | IPsec Quick Mode | 0CCE9219-69AE-11D9-BED3-505054503030 |
| 14 | Logon/Logoff | IPsec Extended Mode | 0CCE921A-69AE-11D9-BED3-505054503030 |
| 15 | Logon/Logoff | Special Logon | 0CCE921B-69AE-11D9-BED3-505054503030 |
| 16 | Logon/Logoff | Other Logon/Logoff Events | 0CCE921C-69AE-11D9-BED3-505054503030 |
| 17 | Logon/Logoff | Network Policy Server | 0CCE9243-69AE-11D9-BED3-505054503030 |
| 18 | Logon/Logoff | User / Device Claims | 0CCE9247-69AE-11D9-BED3-505054503030 |
| 19 | Logon/Logoff | Group Membership | 0CCE9249-69AE-11D9-BED3-505054503030 |
| 20 | Object Access | 6997984A-797A-11D9-BED3-505054503030 | |
| 21 | Object Access | File System | 0CCE921D-69AE-11D9-BED3-505054503030 |
| 22 | Object Access | Registry | 0CCE921E-69AE-11D9-BED3-505054503030 |
| 23 | Object Access | Kernel Object | 0CCE921F-69AE-11D9-BED3-505054503030 |
| 24 | Object Access | SAM | 0CCE9220-69AE-11D9-BED3-505054503030 |
| 25 | Object Access | Certification Services | 0CCE9221-69AE-11D9-BED3-505054503030 |
| 26 | Object Access | Application Generated | 0CCE9222-69AE-11D9-BED3-505054503030 |
| 27 | Object Access | Handle Manipulation | 0CCE9223-69AE-11D9-BED3-505054503030 |
| 28 | Object Access | File Share | 0CCE9224-69AE-11D9-BED3-505054503030 |
| 29 | Object Access | Filtering Platform Packet Drop | 0CCE9225-69AE-11D9-BED3-505054503030 |
| 30 | Object Access | Filtering Platform Connection | 0CCE9226-69AE-11D9-BED3-505054503030 |
| 31 | Object Access | Other Object Access Events | 0CCE9227-69AE-11D9-BED3-505054503030 |
| 32 | Object Access | Detailed File Share | 0CCE9244-69AE-11D9-BED3-505054503030 |
| 33 | Object Access | Removable Storage | 0CCE9245-69AE-11D9-BED3-505054503030 |
| 34 | Object Access | Central Policy Staging | 0CCE9246-69AE-11D9-BED3-505054503030 |
| 35 | Privilege Use | 6997984B-797A-11D9-BED3-505054503030 | |
| 36 | Privilege Use | Sensitive Privilege Use | 0CCE9228-69AE-11D9-BED3-505054503030 |
| 37 | Privilege Use | Non Sensitive Privilege Use | 0CCE9229-69AE-11D9-BED3-505054503030 |
| 38 | Privilege Use | Other Privilege Use Events | 0CCE922A-69AE-11D9-BED3-505054503030 |
| 39 | Detailed Tracking | 6997984C-797A-11D9-BED3-505054503030 | |
| 40 | Detailed Tracking | Process Creation | 0CCE922B-69AE-11D9-BED3-505054503030 |
| 41 | Detailed Tracking | Process Termination | 0CCE922C-69AE-11D9-BED3-505054503030 |
| 42 | Detailed Tracking | DPAPI Activity | 0CCE922D-69AE-11D9-BED3-505054503030 |
| 43 | Detailed Tracking | RPC Events | 0CCE922E-69AE-11D9-BED3-505054503030 |
| 44 | Detailed Tracking | Plug and Play Events | 0CCE9248-69AE-11D9-BED3-505054503030 |
| 45 | Detailed Tracking | Token Right Adjusted Events | 0CCE924A-69AE-11D9-BED3-505054503030 |
| 46 | Policy Change | 6997984D-797A-11D9-BED3-505054503030 | |
| 47 | Policy Change | Audit Policy Change | 0CCE922F-69AE-11D9-BED3-505054503030 |
| 48 | Policy Change | Authentication Policy Change | 0CCE9230-69AE-11D9-BED3-505054503030 |
| 49 | Policy Change | Authorization Policy Change | 0CCE9231-69AE-11D9-BED3-505054503030 |
| 50 | Policy Change | MPSSVC Rule-Level Policy Change | 0CCE9232-69AE-11D9-BED3-505054503030 |
| 51 | Policy Change | Filtering Platform Policy Change | 0CCE9233-69AE-11D9-BED3-505054503030 |
| 52 | Policy Change | Other Policy Change Events | 0CCE9234-69AE-11D9-BED3-505054503030 |
| 53 | Account Management | 6997984E-797A-11D9-BED3-505054503030 | |
| 54 | Account Management | User Account Management | 0CCE9235-69AE-11D9-BED3-505054503030 |
| 55 | Account Management | Computer Account Management | 0CCE9236-69AE-11D9-BED3-505054503030 |
| 56 | Account Management | Security Group Management | 0CCE9237-69AE-11D9-BED3-505054503030 |
| 57 | Account Management | Distribution Group Management | 0CCE9238-69AE-11D9-BED3-505054503030 |
| 58 | Account Management | Application Group Management | 0CCE9239-69AE-11D9-BED3-505054503030 |
| 59 | Account Management | Other Account Management Events | 0CCE923A-69AE-11D9-BED3-505054503030 |
| 60 | DS Access | 6997984F-797A-11D9-BED3-505054503030 | |
| 61 | DS Access | Directory Service Access | 0CCE923B-69AE-11D9-BED3-505054503030 |
| 62 | DS Access | Directory Service Changes | 0CCE923C-69AE-11D9-BED3-505054503030 |
| 63 | DS Access | Directory Service Replication | 0CCE923D-69AE-11D9-BED3-505054503030 |
| 64 | DS Access | Detailed Directory Service Replication | 0CCE923E-69AE-11D9-BED3-505054503030 |
| 65 | Account Logon | 69979850-797A-11D9-BED3-505054503030 | |
| 66 | Account Logon | Credential Validation | 0CCE923F-69AE-11D9-BED3-505054503030 |
| 67 | Account Logon | Kerberos Service Ticket Operations | 0CCE9240-69AE-11D9-BED3-505054503030 |
| 68 | Account Logon | Other Account Logon Events | 0CCE9241-69AE-11D9-BED3-505054503030 |
| 69 | Account Logon | Kerberos Authentication Service | 0CCE9242-69AE-11D9-BED3-505054503030 |