Merge pull request #286 from Yamato-Security/feature/update_eventkey_alias#274

Feature/update eventkey alias#274
This commit is contained in:
Yamato Security
2021-12-20 20:16:07 +09:00
committed by GitHub


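--- a/PATH_PLACEHOLDER
+++ b/PATH_PLACEHOLDER
@@ -1,153 +1,181 @@
-AccessList,Event.EventData.AccessList
-AccessMask,Event.EventData.AccessMask
-Accesses,Event.EventData.Accesses
-AccountName,Event.EventData.AccountName
-Account_Name,Event.EventData.Account_Name
-AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
-AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
-AttributeValue,Event.EventData.AttributeValue
-AuditPolicyChanges,Event.EventData.AuditPolicyChanges
-AuditSourceName,Event.EventData.AuditSourceName
-AuthenticationPackageName,Event.EventData.AuthenticationPackageName
-CallTrace,Event.EventData.CallTrace
-Caller_Process_Name,Event.EventData.Caller_Process_Name
-CallingProcessName,Event.EventData.CallingProcessName
-CategoryName,Event.EventData.Category Name
-Channel,Event.System.Channel
-Client_Address,Event.EventData.Client_Address
-CommandLine,Event.EventData.CommandLine
-Company,Event.EventData.Company
-Computer,Event.System.Computer
-ComputerName,Event.System.Computer
-ContextInfo,Event.EventData.ContextInfo
-CurrentDirectory,Event.EventData.CurrentDirectory
-Description,Event.EventData.Description
-DestPort,Event.EventData.DestPort
-Destination,Event.EventData.Destination
-DestinationAddress,Event.EventData.DestinationAddress
-DestinationHostname,Event.EventData.DestinationHostname
-DestinationIp,Event.EventData.DestinationIp
-DestinationIsIpv6,Event.EventData.DestinationIsIpv6
-DestinationPort,Event.EventData.DestinationPort
-Details,Event.EventData.Details
-DetectionSource,Event.EventData.DetectionSource
-DetectionUser,Event.EventData.Detection User
-Device,Event.EventData.Device
-DeviceClassName,Event.EventData.DeviceClassName
-DeviceDescription,Event.EventData.DeviceDescription
-DeviceName,Event.EventData.DeviceName
-DomainName,Event.EventData.SubjectDomainName
-EngineVersion,Event.EventData.EngineVersion
-EventID,Event.System.EventID
-EventType,Event.EventData.EventType
-FailureCode,Event.EventData.FailureCode
-FileVersion,Event.EventData.FileVersion
-GrantedAccess,Event.EventData.GrantedAccess
-GroupName,Event.EventData.GroupName
-GroupSid,Event.EventData.GroupSid
-Hashes,Event.EventData.Hashes
-HiveName,Event.EventData.HiveName
-HostApplication,Event.EventData.HostApplication
-HostName,Event.EventData.HostName
-HostVersion,Event.EventData.HostVersion
-Image,Event.EventData.Image
-ImageLoaded,Event.EventData.ImageLoaded
-ImagePath,Event.EventData.ImagePath
-Imphash,Event.EventData.Hashes
-Initiated,Event.EventData.Initiated
-IntegrityLevel,Event.EventData.IntegrityLevel
-IpAddress,Event.EventData.IpAddress
-IpPort,Event.EventData.IpPort
-JobTitle,Event.EventData.name
-KeyLength,Event.EventData.KeyLength
-Keywords,Event.System.Keywords
-LDAPDisplayName,Event.EventData.LDAPDisplayName
-LayerRTID,Event.EventData.LayerRTID
-Level,Event.System.Level
-LogFileClearedSubjectUserName,Event.UserData.LogFileCleared.SubjectUserName
-LogonId,Event.EventData.LogonId
-LogonProcessName,Event.EventData.LogonProcessName
-LogonType,Event.EventData.LogonType
-Logon_Account,Event.EventData.Logon_Account
-MachineName,Event.EventData.MachineName
-MemberName,Event.EventData.MemberName
-MemberSid,Event.EventData.MemberSid
-Message,Event.EventData
-NewName,Event.EventData.NewName
-NewValue,Event.EventData.NewValue
-ObjectClass,Event.EventData.ObjectClass
-ObjectName,Event.EventData.ObjectName
-ObjectServer,Event.EventData.ObjectServer
-ObjectType,Event.EventData.ObjectType
-ObjectValueName,Event.EventData.ObjectValueName
-Origin,Event.EventData.Origin
-OriginalFileName,Event.EventData.OriginalFileName
-OriginalFilename,Event.EventData.OriginalFileName
-ParentCommandLine,Event.EventData.ParentCommandLine
-ParentImage,Event.EventData.ParentImage
-ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
-ParentProcessName,Event.EventData.ParentProcessName
-ParentUser,Event.EventData.ParentUser
-PasswordLastSet,Event.EventData.PasswordLastSet
-Path,Event.EventData.Path
-Payload,Event.EventData.Payload
-PipeName,Event.EventData.PipeName
-PreAuthType,Event.EventData.PreAuthType
-PrivilegeList,Event.EventData.PrivilegeList
-ProcessCommandLine,Event.EventData.ProcessCommandLine
-ProcessName,Event.EventData.ProcessName
-Product,Event.EventData.Product
-Properties,Event.EventData.Properties
-QNAME,Event.EventData.QNAME
-QueryName,Event.EventData.QueryName
-QueryResults,Event.EventData.QueryResults
-QueryStatus,Event.EventData.QueryStatus
-RelativeTargetName,Event.EventData.RelativeTargetName
-SAMAccountName,Event.EventData.SamAccountName
-ScriptBlockText,Event.EventData.ScriptBlockText
-Service,Event.EventData.Service
-ServiceFileName,Event.EventData.ServiceFileName
-ServiceName,Event.EventData.ServiceName
-ServicePrincipalNames,Event.EventData.ServicePrincipalNames
-SeverityName,Event.EventData.Severity Name
-ShareName,Event.EventData.ShareName
-SidHistory,Event.EventData.SidHistory
-Signature,Event.EventData.Signature
-Signed,Event.EventData.Signed
-Source,Event.System.Provider_Name
-SourceAddress,Event.EventData.SourceAddress
-SourceImage,Event.EventData.SourceImage
-SourceNetworkAddress,Event.EventData.SourceNetworkAddress
-SourcePort,Event.EventData.SourcePort
-Source_Network_Address,Event.EventData.Source_Network_Address
-Source_WorkStation,Event.EventData.Source_WorkStation
-StartFunction,Event.EventData.StartFunction
-StartModule,Event.EventData.StartModule
-Status,Event.EventData.Status
-SubStatus,Event.EventData.SubStatus
-SubjectDomainName,Event.EventData.SubjectDomainName
-SubjectLogonId,Event.EventData.SubjectLogonId
-SubjectUserName,Event.EventData.SubjectUserName
-SubjectUserSid,Event.EventData.SubjectUserSid
-TargetDomainName,Event.EventData.TargetDomainName
-TargetFilename,Event.EventData.TargetFilename
-TargetImage,Event.EventData.TargetImage
-TargetLogonId,Event.EventData.TargetLogonId
-TargetName,Event.EventData.TargetServerName
-TargetObject,Event.EventData.TargetObject
-TargetProcessAddress,Event.EventData.TargetProcessAddress
-TargetSid,Event.EventData.TargetSid
-TargetUserName,Event.EventData.TargetUserName
-TaskName,Event.EventData.TaskName
-ThreatName,Event.EventData.Threat Name
-TicketEncryptionType,Event.EventData.TicketEncryptionType
-TicketOptions,Event.EventData.TicketOptions
-Url,Event.EventData.url
-User,Event.EventData.User
-UserName,Event.EventData.UserName
-Workstation,Event.EventData.Workstation
-WorkstationName,Event.EventData.WorkstationName
-keywords,Event.System.Keywords
-param1,Event.EventData.param1
-param2,Event.EventData.param2
-service,Event.EventData.Service
+AccessList,Event.EventData.AccessList
+AccessMask,Event.EventData.AccessMask
+Accesses,Event.EventData.Accesses
+AccountName,Event.EventData.AccountName
+Account_Name,Event.EventData.Account_Name
+AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
+AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
+AttributeValue,Event.EventData.AttributeValue
+AuditPolicyChanges,Event.EventData.AuditPolicyChanges
+AuditSourceName,Event.EventData.AuditSourceName
+AuthenticationPackageName,Event.EventData.AuthenticationPackageName
+CallTrace,Event.EventData.CallTrace
+CallerProcessName,Event.EventData.CallerProcessName
+Caller_Process_Name,Event.EventData.Caller_Process_Name
+CallingProcessName,Event.EventData.CallingProcessName
+CategoryName,Event.EventData.Category Name
+CertThumbprint,Event.EventData.CertThumbprint
+Channel,Event.System.Channel
+ClassName,Event.EventData.ClassName
+Client_Address,Event.EventData.Client_Address
+CommandLine,Event.EventData.CommandLine
+Company,Event.EventData.Company
+Computer,Event.System.Computer
+ComputerName,Event.System.Computer
+ContextInfo,Event.EventData.ContextInfo
+CurrentDirectory,Event.EventData.CurrentDirectory
+Description,Event.EventData.Description
+DestAddress,Event.EventData.DestAddress
+DestPort,Event.EventData.DestPort
+Destination,Event.EventData.Destination
+DestinationAddress,Event.EventData.DestinationAddress
+DestinationHostname,Event.EventData.DestinationHostname
+DestinationIp,Event.EventData.DestinationIp
+DestinationIsIpv6,Event.EventData.DestinationIsIpv6
+DestinationPort,Event.EventData.DestinationPort
+Details,Event.EventData.Details
+DetectionSource,Event.EventData.DetectionSource
+DetectionUser,Event.EventData.Detection User
+Device,Event.EventData.Device
+DeviceClassName,Event.EventData.DeviceClassName
+DeviceDescription,Event.EventData.DeviceDescription
+DeviceName,Event.EventData.DeviceName
+DomainName,Event.EventData.SubjectDomainName
+EngineVersion,Event.EventData.EngineVersion
+ErrorCode,Event.EventData.ErrorCode
+EventID,Event.System.EventID
+EventType,Event.EventData.EventType
+FailureCode,Event.EventData.FailureCode
+FilePath,Event.EventData.FilePath
+FileVersion,Event.EventData.FileVersion
+Filename,Event.EventData.Filename
+GrantedAccess,Event.EventData.GrantedAccess
+GroupName,Event.EventData.GroupName
+GroupSid,Event.EventData.GroupSid
+Hashes,Event.EventData.Hashes
+HiveName,Event.EventData.HiveName
+HostApplication,Event.EventData.HostApplication
+HostName,Event.EventData.HostName
+HostVersion,Event.EventData.HostVersion
+Image,Event.EventData.Image
+ImageLoaded,Event.EventData.ImageLoaded
+ImagePath,Event.EventData.ImagePath
+Imphash,Event.EventData.Hashes
+Initiated,Event.EventData.Initiated
+IntegrityLevel,Event.EventData.IntegrityLevel
+IpAddress,Event.EventData.IpAddress
+IpPort,Event.EventData.IpPort
+JobTitle,Event.EventData.name
+KeyLength,Event.EventData.KeyLength
+Keywords,Event.System.Keywords
+LDAPDisplayName,Event.EventData.LDAPDisplayName
+LayerRTID,Event.EventData.LayerRTID
+Level,Event.System.Level
+LogFileClearedSubjectUserName,Event.UserData.LogFileCleared.SubjectUserName
+LogonId,Event.EventData.LogonId
+LogonProcessName,Event.EventData.LogonProcessName
+LogonType,Event.EventData.LogonType
+Logon_Account,Event.EventData.Logon_Account
+MachineName,Event.EventData.MachineName
+MemberName,Event.EventData.MemberName
+MemberSid,Event.EventData.MemberSid
+Message,Event.EventData
+NewName,Event.EventData.NewName
+NewTemplateContent, Event.EventData.NewTemplateContent
+NewUacValue,Event.EventData.NewUacValue
+NewValue,Event.EventData.NewValue
+New_Value,Event.EventData.New Value
+ObjectClass,Event.EventData.ObjectClass
+ObjectName,Event.EventData.ObjectName
+ObjectServer,Event.EventData.ObjectServer
+ObjectType,Event.EventData.ObjectType
+ObjectValueName,Event.EventData.ObjectValueName
+OldUacValue,Event.EventData.OldUacValue
+Origin,Event.EventData.Origin
+OriginalFilename,Event.EventData.OriginalFileName
+ParentCommandLine,Event.EventData.ParentCommandLine
+ParentImage,Event.EventData.ParentImage
+ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
+ParentProcessName,Event.EventData.ParentProcessName
+ParentUser,Event.EventData.ParentUser
+PasswordLastSet,Event.EventData.PasswordLastSet
+Path,Event.EventData.Path
+Payload,Event.EventData.Payload
+PipeName,Event.EventData.PipeName
+PreAuthType,Event.EventData.PreAuthType
+PrivilegeList,Event.EventData.PrivilegeList
+ProcessCommandLine,Event.EventData.ProcessCommandLine
+ProcessId,Event.EventData.ProcessId
+ProcessName,Event.EventData.ProcessName
+Product,Event.EventData.Product
+Properties,Event.EventData.Properties
+ProviderName,Event.System.Provider_Name
+Provider_Name,Event.System.Provider_Name
+QNAME,Event.EventData.QNAME
+QueryName,Event.EventData.QueryName
+QueryResults,Event.EventData.QueryResults
+QueryStatus,Event.EventData.QueryStatus
+RelativeTargetName,Event.EventData.RelativeTargetName
+RuleName,Event.EventData.RuleName
+SAMAccountName,Event.EventData.SamAccountName
+ScriptBlockText,Event.EventData.ScriptBlockText
+SearchFilter,Event.System.SearchFilter
+ServerName,Event.System.ServerName
+Service,Event.EventData.Service
+ServiceFileName,Event.EventData.ServiceFileName
+ServiceName,Event.EventData.ServiceName
+ServicePrincipalNames,Event.EventData.ServicePrincipalNames
+ServiceStartType,Event.EventData.ServiceStartType
+ServiceType,Event.EventData.ServiceType
+SeverityName,Event.EventData.Severity Name
+ShareLocalPath,Event.EventData.ShareLocalPath
+ShareName,Event.EventData.ShareName
+SidHistory,Event.EventData.SidHistory
+Signature,Event.EventData.Signature
+Signed,Event.EventData.Signed
+Source,Event.System.Provider_Name
+SourceAddress,Event.EventData.SourceAddress
+SourceImage,Event.EventData.SourceImage
+SourceNetworkAddress,Event.EventData.SourceNetworkAddress
+SourcePort,Event.EventData.SourcePort
+Source_Name,Event.EventData.Source Name
+Source_Network_Address,Event.EventData.Source_Network_Address
+Source_WorkStation,Event.EventData.Source_WorkStation
+StartAddress,Event.EventData.StartAddress
+StartFunction,Event.EventData.StartFunction
+StartModule,Event.EventData.StartModule
+State,Event.EventData.State
+Status,Event.EventData.Status
+SubStatus,Event.EventData.SubStatus
+SubjectDomainName,Event.EventData.SubjectDomainName
+SubjectLogonId,Event.EventData.SubjectLogonId
+SubjectUserName,Event.EventData.SubjectUserName
+SubjectUserSid,Event.EventData.SubjectUserSid
+TargetDomainName,Event.EventData.TargetDomainName
+TargetFilename,Event.EventData.TargetFilename
+TargetInfo,Event.EventData.TargetInfo
+TargetImage,Event.EventData.TargetImage
+TargetLogonId,Event.EventData.TargetLogonId
+TargetName,Event.EventData.TargetServerName
+TargetObject,Event.EventData.TargetObject
+TargetProcessAddress,Event.EventData.TargetProcessAddress
+TargetServerName,Event.EventData.TargetServerName
+TargetSid,Event.EventData.TargetSid
+TargetUserName,Event.EventData.TargetUserName
+TaskName,Event.EventData.TaskName
+TemplateContent,Event.EventData.TemplateContent
+ThreatName,Event.EventData.Threat Name
+TicketEncryptionType,Event.EventData.TicketEncryptionType
+TicketOptions,Event.EventData.TicketOptions
+Url,Event.EventData.url
+User,Event.EventData.User
+UserName,Event.EventData.UserName
+Value, Event.EventData.Value
+WindowsDefenderProcessName,Event.EventData.Process Name
+Workstation,Event.EventData.Workstation
+WorkstationName,Event.EventData.WorkstationName
+param1,Event.EventData.param1
+param2,Event.EventData.param2
+provider_Name,Event.EventData.Provider_Name
+service,Event.EventData.Service
+sha1,Event.EventData.Hashes_sha1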
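Review bot: Two rows on the new side carry a space after the comma, `NewTemplateContent, Event.EventData.NewTemplateContent` and `Value, Event.EventData.Value`, so unless the loader trims fields the alias resolves to a target path beginning with a space and any rule that uses it silently never matches; they should read `NewTemplateContent,Event.EventData.NewTemplateContent` and `Value,Event.EventData.Value`. `SearchFilter,Event.System.SearchFilter` and `ServerName,Event.System.ServerName` point at the System element, whose fixed schema in the Windows event XML has no such fields, so both presumably belong under Event.EventData like the neighbouring rows. `provider_Name,Event.EventData.Provider_Name` also disagrees with `Provider_Name,Event.System.Provider_Name` a few rows up, which looks like a case variant that should share the System target. Because an alias that does not resolve fails as a missed detection rather than as an error, a load-time check that every target path is well-formed (no leading or trailing whitespace) and that every Event.System.* target names a real System field would catch these before release.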