alias,event_key
EventID,Event.System.EventID
Channel,Event.System.Channel
CommandLine,Event.EventData.CommandLine
ParentProcessName,Event.EventData.ParentProcessName
Signed,Event.EventData.Signed
ProcessName,Event.EventData.ProcessName
AccessMask,Event.EventData.AccessMask
TargetUserName,Event.EventData.TargetUserName
param1,Event.EventData.param1
param2,Event.EventData.param2
ServiceName,Event.EventData.ServiceName
ImagePath,Event.EventData.ImagePath
ContextInfo,Event.EventData.ContextInfo
Path,Event.EventData.Path
ScriptBlockText,Event.EventData.ScriptBlockText
MemberName,Event.EventData.MemberName
MemberSid,Event.EventData.MemberSid
TargetSid,Event.EventData.TargetSid
LogFileCleared,Event.UserData.LogFileCleared.SubjectUserName
LogFileClearedSubjectUserName,Event.UserData.SubjectUserName
SubjectUserName,Event.EventData.SubjectUserName
SubjectUserSid,Event.EventData.SubjectUserSid
DomainName,Event.EventData.SubjectDomainName
TicketEncryptionType,Event.EventData.TicketEncryptionType
PreAuthType,Event.EventData.PreAuthType
TaskName,Event.EventData.TaskName
WorkStationName,Event.EventData.WorkStationName
Workstation,Event.EventData.WorkStation
UserName,Event.EventData.UserName
ServiceFileName,Event.EventData.ServiceFileName
ComputerName,Event.System.Computer
Account_Name,Event.EventData.Account_Name
Source_Network_Address,Event.EventData.Source_Network_Address
Caller_Process_Name,Event.EventData.Caller_Process_Name
Computer,Event.System.Computer
Client_Address,Event.EventData.Client_Address
Logon_Account,Event.EventData.Logon_Account
Source_WorkStation,Event.EventData.Source_WorkStation
SourceAddress,Event.EventData.SourceAddress
SubjectLogonId,Event.EventData.SubjectLogonId
Image,Event.EventData.Image
ParentImage,Event.EventData.ParentImage
MachineName,Event.EventData.MachineName
QueryName,Event.EventData.QueryName
Accesses,Event.EventData.Accesses
AccessList,Event.EventData.AccessList
AccessMask,Event.EventData.AccessMask
AccountName,Event.EventData.AccountName
AllowedToDelegateTo,Event.EventData.AllowedToDelegateTo
AttributeLDAPDisplayName,Event.EventData.AttributeLDAPDisplayName
AttributeValue,Event.EventData.AttributeValue
AuditPolicyChanges,Event.EventData.AuditPolicyChanges
AuditSourceName,Event.EventData.AuditSourceName
AuthenticationPackageName,Event.EventData.AuthenticationPackageName
AuthenticationPackageName,Event.EventData.AuthenticationPackageName
CallingProcessName,Event.EventData.CallingProcessName
CallTrace,Event.EventData.CallTrace
CommandLine,Event.EventData.CommandLine
Company,Event.EventData.Company
ContextInfo,Event.EventData.ContextInfo
CurrentDirectory,Event.EventData.CurrentDirectory
Description,Event.EventData.Description
Destination,Event.EventData.Destination
DestinationAddress,Event.EventData.DestinationAddress
DestinationHostname,Event.EventData.DestinationHostname
DestinationIp,Event.EventData.DestinationIp
DestinationIsIpv6,Event.EventData.DestinationIsIpv6
DestinationPort,Event.EventData.DestinationPort
DestPort,Event.EventData.DestPort
Details,Event.EventData.Details
DetectionSource,Event.EventData.DetectionSource
Device,Event.EventData.Device
DeviceClassName,Event.EventData.DeviceClassName
DeviceDescription,Event.EventData.DeviceDescription
DeviceName,Event.EventData.DeviceName
EngineVersion,Event.EventData.EngineVersion
EventID,Event.System.EventID
EventType,Event.EventData.EventType
FailureCode,Event.EventData.FailureCode
FileVersion,Event.EventData.FileVersion
GrantedAccess,Event.EventData.GrantedAccess
GroupName,Event.EventData.GroupName
GroupSid,Event.EventData.GroupSid
Hashes,Event.EventData.Hashes
HiveName,Event.EventData.HiveName
HostApplication,Event.EventData.HostApplication
HostName,Event.EventData.HostName
HostVersion,Event.EventData.HostVersion
Image,Event.EventData.Image
ImageLoaded,Event.EventData.ImageLoaded
ImagePath,Event.EventData.ImagePath
Imphash,Event.EventData.Hashes
Initiated,Event.EventData.Initiated
IntegrityLevel,Event.EventData.IntegrityLevel
IpAddress,Event.EventData.IpAddress
KeyLength,Event.EventData.KeyLength
Keywords,Event.System.Keywords
keywords,Event.System.Keywords
LayerRTID,Event.EventData.LayerRTID
LDAPDisplayName,Event.EventData.LDAPDisplayName
Level,Event.System.Level
LogonId,Event.EventData.LogonId
LogonProcessName,Event.EventData.LogonProcessName
LogonType,Event.EventData.LogonType
Message,Event.EventData
NewName,Event.EventData.NewName
NewValue,Event.EventData.NewValue
ObjectClass,Event.EventData.ObjectClass
ObjectName,Event.EventData.ObjectName
ObjectServer,Event.EventData.ObjectServer
ObjectType,Event.EventData.ObjectType
ObjectValueName,Event.EventData.ObjectValueName
Origin,Event.EventData.Origin
OriginalFilename,Event.EventData.OriginalFileName
OriginalFileName,Event.EventData.OriginalFileName
ParentCommandLine,Event.EventData.ParentCommandLine
ParentImage,Event.EventData.ParentImage
ParentIntegrityLevel,Event.EventData.ParentIntegrityLevel
ParentUser,Event.EventData.ParentUser
PasswordLastSet,Event.EventData.PasswordLastSet
Path,Event.EventData.Path
Payload,Event.EventData.Payload
PipeName,Event.EventData.PipeName
PrivilegeList,Event.EventData.PrivilegeList
ProcessCommandLine,Event.EventData.ProcessCommandLine
ProcessName,Event.EventData.ProcessName
Product,Event.EventData.Product
Properties,Event.EventData.Properties
QNAME,Event.EventData.QNAME
QueryName,Event.EventData.QueryName
QueryResults,Event.EventData.QueryResults
QueryStatus,Event.EventData.QueryStatus
RelativeTargetName,Event.EventData.RelativeTargetName
SAMAccountName,Event.EventData.SamAccountName
ScriptBlockText,Event.EventData.ScriptBlockText
service,Event.EventData.Service
Service,Event.EventData.Service
ServiceFileName,Event.EventData.ServiceFileName
ServiceName,Event.EventData.ServiceName
ServicePrincipalNames,Event.EventData.ServicePrincipalNames
ShareName,Event.EventData.ShareName
SidHistory,Event.EventData.SidHistory
Signature,Event.EventData.Signature
Signed,Event.EventData.Signed
Source,Event.System.Provider_Name
SourceAddress,Event.EventData.SourceAddress
SourceImage,Event.EventData.SourceImage
SourceNetworkAddress,Event.EventData.SourceNetworkAddress
SourcePort,Event.EventData.SourcePort
StartFunction,Event.EventData.StartFunction
StartModule,Event.EventData.StartModule
Status,Event.EventData.Status
SubjectDomainName,Event.EventData.SubjectDomainName
SubjectLogonId,Event.EventData.SubjectLogonId
SubjectUserName,Event.EventData.SubjectUserName
SubjectUserSid,Event.EventData.SubjectUserSid
TargetFilename,Event.EventData.TargetFilename
TargetImage,Event.EventData.TargetImage
TargetLogonId,Event.EventData.TargetLogonId
TargetName,Event.EventData.TargetServerName
TargetObject,Event.EventData.TargetObject
TargetProcessAddress,Event.EventData.TargetProcessAddress
TargetUserName,Event.EventData.TargetUserName
TaskName,Event.EventData.TaskName
TicketEncryptionType,Event.EventData.TicketEncryptionType
TicketOptions,Event.EventData.TicketOptions
User,Event.EventData.User
Workstation,Event.EventData.Workstation
WorkstationName,Event.EventData.WorkstationName
JobTitle,Event.EventData.name
Url,Event.EventData.url