AccessList,Event.EventData.AccessList
AccessMask,Event.EventData.AccessMask
Accesses,Event.EventData.Accesses
AccountName,Event.EventData.AccountName
Account_Name,Event.EventData.Account_Name
AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
AttributeValue,Event.EventData.AttributeValue
AuditPolicyChanges,Event.EventData.AuditPolicyChanges
AuditSourceName,Event.EventData.AuditSourceName
AuthenticationPackageName,Event.EventData.AuthenticationPackageName
CallTrace,Event.EventData.CallTrace
Caller_Process_Name,Event.EventData.Caller_Process_Name
CallingProcessName,Event.EventData.CallingProcessName
Channel,Event.System.Channel
Client_Address,Event.EventData.Client_Address
CommandLine,Event.EventData.CommandLine
Company,Event.EventData.Company
Computer,Event.System.Computer
ComputerName,Event.System.Computer
ContextInfo,Event.EventData.ContextInfo
CurrentDirectory,Event.EventData.CurrentDirectory
Description,Event.EventData.Description
DestPort,Event.EventData.DestPort
Destination,Event.EventData.Destination
DestinationAddress,Event.EventData.DestinationAddress
DestinationHostname,Event.EventData.DestinationHostname
DestinationIp,Event.EventData.DestinationIp
DestinationIsIpv6,Event.EventData.DestinationIsIpv6
DestinationPort,Event.EventData.DestinationPort
Details,Event.EventData.Details
DetectionSource,Event.EventData.DetectionSource
Device,Event.EventData.Device
DeviceClassName,Event.EventData.DeviceClassName
DeviceDescription,Event.EventData.DeviceDescription
DeviceName,Event.EventData.DeviceName
DomainName,Event.EventData.SubjectDomainName
EngineVersion,Event.EventData.EngineVersion
EventID,Event.System.EventID
EventType,Event.EventData.EventType
FailureCode,Event.EventData.FailureCode
FileVersion,Event.EventData.FileVersion
GrantedAccess,Event.EventData.GrantedAccess
GroupName,Event.EventData.GroupName
GroupSid,Event.EventData.GroupSid
Hashes,Event.EventData.Hashes
HiveName,Event.EventData.HiveName
HostApplication,Event.EventData.HostApplication
HostName,Event.EventData.HostName
HostVersion,Event.EventData.HostVersion
Image,Event.EventData.Image
ImageLoaded,Event.EventData.ImageLoaded
ImagePath,Event.EventData.ImagePath
Imphash,Event.EventData.Hashes
Initiated,Event.EventData.Initiated
IntegrityLevel,Event.EventData.IntegrityLevel
IpAddress,Event.EventData.IpAddress
IpPort,Event.EventData.IpPort
JobTitle,Event.EventData.name
KeyLength,Event.EventData.KeyLength
Keywords,Event.System.Keywords
LDAPDisplayName,Event.EventData.LDAPDisplayName
LayerRTID,Event.EventData.LayerRTID
Level,Event.System.Level
LogFileClearedSubjectUserName,Event.UserData.LogFileCleared.SubjectUserName
LogonId,Event.EventData.LogonId
LogonProcessName,Event.EventData.LogonProcessName
LogonType,Event.EventData.LogonType
Logon_Account,Event.EventData.Logon_Account
MachineName,Event.EventData.MachineName
MemberName,Event.EventData.MemberName
MemberSid,Event.EventData.MemberSid
Message,Event.EventData
NewName,Event.EventData.NewName
NewValue,Event.EventData.NewValue
ObjectClass,Event.EventData.ObjectClass
ObjectName,Event.EventData.ObjectName
ObjectServer,Event.EventData.ObjectServer
ObjectType,Event.EventData.ObjectType
ObjectValueName,Event.EventData.ObjectValueName
Origin,Event.EventData.Origin
OriginalFileName,Event.EventData.OriginalFileName
OriginalFilename,Event.EventData.OriginalFileName
ParentCommandLine,Event.EventData.ParentCommandLine
ParentImage,Event.EventData.ParentImage
ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
ParentProcessName,Event.EventData.ParentProcessName
ParentUser,Event.EventData.ParentUser
PasswordLastSet,Event.EventData.PasswordLastSet
Path,Event.EventData.Path
Payload,Event.EventData.Payload
PipeName,Event.EventData.PipeName
PreAuthType,Event.EventData.PreAuthType
PrivilegeList,Event.EventData.PrivilegeList
ProcessCommandLine,Event.EventData.ProcessCommandLine
ProcessName,Event.EventData.ProcessName
Product,Event.EventData.Product
Properties,Event.EventData.Properties
QNAME,Event.EventData.QNAME
QueryName,Event.EventData.QueryName
QueryResults,Event.EventData.QueryResults
QueryStatus,Event.EventData.QueryStatus
RelativeTargetName,Event.EventData.RelativeTargetName
SAMAccountName,Event.EventData.SamAccountName
ScriptBlockText,Event.EventData.ScriptBlockText
Service,Event.EventData.Service
ServiceFileName,Event.EventData.ServiceFileName
ServiceName,Event.EventData.ServiceName
ServicePrincipalNames,Event.EventData.ServicePrincipalNames
ShareName,Event.EventData.ShareName
SidHistory,Event.EventData.SidHistory
Signature,Event.EventData.Signature
Signed,Event.EventData.Signed
Source,Event.System.Provider_Name
SourceAddress,Event.EventData.SourceAddress
SourceImage,Event.EventData.SourceImage
SourceNetworkAddress,Event.EventData.SourceNetworkAddress
SourcePort,Event.EventData.SourcePort
Source_Network_Address,Event.EventData.Source_Network_Address
Source_WorkStation,Event.EventData.Source_WorkStation
StartFunction,Event.EventData.StartFunction
StartModule,Event.EventData.StartModule
Status,Event.EventData.Status
SubStatus,Event.EventData.SubStatus
SubjectDomainName,Event.EventData.SubjectDomainName
SubjectLogonId,Event.EventData.SubjectLogonId
SubjectUserName,Event.EventData.SubjectUserName
SubjectUserSid,Event.EventData.SubjectUserSid
TargetDomainName,Event.EventData.TargetDomainName
TargetFilename,Event.EventData.TargetFilename
TargetImage,Event.EventData.TargetImage
TargetLogonId,Event.EventData.TargetLogonId
TargetName,Event.EventData.TargetServerName
TargetObject,Event.EventData.TargetObject
TargetProcessAddress,Event.EventData.TargetProcessAddress
TargetSid,Event.EventData.TargetSid
TargetUserName,Event.EventData.TargetUserName
TaskName,Event.EventData.TaskName
TicketEncryptionType,Event.EventData.TicketEncryptionType
TicketOptions,Event.EventData.TicketOptions
Url,Event.EventData.url
User,Event.EventData.User
UserName,Event.EventData.UserName
Workstation,Event.EventData.Workstation
WorkstationName,Event.EventData.WorkstationName
keywords,Event.System.Keywords
param1,Event.EventData.param1
param2,Event.EventData.param2
service,Event.EventData.Service