24 lines
963 B
Plaintext
24 lines
963 B
Plaintext
alias,event_key
|
|
EventID,Event.System.EventID
|
|
Channel,Event.System.Channel
|
|
CommandLine,Event.EventData.CommandLine
|
|
ParentProcessName,Event.EventData.ParentProcessName
|
|
Signed,Event.EventData.Signed
|
|
ProcessName,Event.EventData.ProcessName
|
|
AccessMask,Event.EventData.AccessMask
|
|
TargetUserName,Event.EventData.TargetUserName
|
|
param1,Event.EventData.param1
|
|
param2,Event.EventData.param2
|
|
ServiceName,Event.EventData.ServiceName
|
|
ImagePath,Event.EventData.ImagePath
|
|
ContextInfo,Event.EventData.ContextInfo
|
|
Path,Event.EventData.Path
|
|
ScriptBlockText,Event.EventData.ScriptBlockText
|
|
MemberName,Event.EventData.MemberName
|
|
MemberSid,Event.EventData.MemberSid
|
|
TargetSid,Event.EventData.TargetSid
|
|
LogFileCleared,Event.UserData.LogFileCleared.SubjectUserName
|
|
LogFileClearedSubjectUserName,Event.UserData.SubjectUserName
|
|
SubjectUserName,Event.EventData.SubjectUserName
|
|
SubjectUserSid,Event.EventData.SubjectUserSid
|
|
DomainName,Event.EventData.SubjectDomainName |