| s-4611 |
microsoft-evsecurity-kv-endpoint-notification-success-4611 |
| s-4624-jp |
microsoft-evsecurity-kv-endpoint-login-success-4624-4 |
| s-4625-jp |
microsoft-evsecurity-csv-endpoint-login-fail-4625 |
| s-4648-jp |
microsoft-evsecurity-csv-endpoint-login-success-4648 |
| s-4662 |
microsoft-evsecurity-kv-ds-object-activity-success-4662-1 |
| s-4663-jp |
microsoft-evsecurity-str-file-read-success-4663-5 |
| s-4672-jp |
microsoft-evsecurity-str-user-privilege-assign-success-4672 |
| s-4674-jp |
microsoft-evsecurity-str-user-privilege-use-success-4674 |
| s-4688-jp |
microsoft-evsecurity-kv-process-create-success-4688-1 |
| s-4697 |
microsoft-evsecurity-kv-service-create-success-4697 |
| s-4698 |
"microsoft-evsecurity-xml-scheduled-task-create-success-4698 |
| s-4719 |
microsoft-evsecurity-json-audit-policy-modify-success-4719-2 |
| s-4719-1 |
microsoft-evsecurity-kv-audit-policy-modify-success-4719 |
| s-4720-jp |
microsoft-evsecurity-kv-user-create-success-4720-3 |
| s-4722-jp |
microsoft-evsecurity-csv-user-enable-success-4722 |
| s-4723-jp |
microsoft-evsecurity-csv-user-password-modify-4723 |
| s-4724-jp |
microsoft-evsecurity-csv-user-password-reset-success-4724-1 |
| s-4725-jp |
microsoft-evsecurity-csv-user-disable-success-4725-1 |
| s-4726-jp |
microsoft-evsecurity-csv-user-delete-success-4726 |
| s-4740-1 |
microsoft-evsecurity-kv-user-delete-fail-lockedout |
| s-4740-2 |
microsoft-evsecurity-kv-user-delete-fail-accountname |
| s-4740-jp |
microsoft-evsecurity-str-user-lock-success-4740 |
| s-4768-jp |
microsoft-evsecurity-csv-endpoint-login-4768 |
| s-4769-jp |
microsoft-evsecurity-json-endpoint-login-4769-9 |
| s-4770-jp |
microsoft-evsecurity-csv-endpoint-login-success-4770 |
| s-4771-jp |
microsoft-evsecurity-kv-endpoint-login-failed-4771-jp |
| s-4776-jp |
microsoft-evsecurity-kv-endpoint-login-4776 |
| s-4800 |
microsoft-evsecurity-kv-endpoint-lock-success-4800-4 |
| s-4801 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801-4 |
| s-4801-1 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801-1 |
| s-5137 |
microsoft-evsecurity-kv-ds-object-activity-success-5137-1 |
| s-5141 |
microsoft-evsecurity-kv-ds-object-activity-success-5141-1 |
| s-5141-1 |
microsoft-evsecurity-kv-ds-object-activity-success-5141-2 |
| s-516 |
microsoft-evsecurity-kv-user-delete-fail-516 |
| s-517 |
microsoft-evsecurity-kv-log-clear-success-517 |
| s-538 |
microsoft-evsecurity-kv-endpoint-logout-success-538 |
| s-560 |
microsoft-evsecurity-json-file-success-objectopen |
| s-560-jp |
microsoft-evsecurity-csv-file-success-560 |
| s-562 |
microsoft-evsecurity-kv-handle-close-success-562 |
| s-563 |
microsoft-evsecurity-kv-handle-open-success-563 |
| s-576 |
microsoft-evsecurity-kv-user-privilege-assign-success-576 |
| s-592 |
microsoft-evsecurity-kv-process-create-success-592 |
| s-612 |
microsoft-evsecurity-kv-audit-policy-modify-success-612 |
| s-627 |
microsoft-evsecurity-kv-user-password-modify-627 |
| s-672 |
microsoft-evsecurity-kv-endpoint-login-672-1 |
| s-673 |
microsoft-evadfs-kv-endpoint-login-673-1 |
| s-675 |
microsoft-evsecurity-kv-endpoint-login-fail-675-2 |
| s-680 |
microsoft-evsecurity-kv-endpoint-login-680 |
| s-7045 |
microsoft-evsystem-kv-service-create-success-7045 |
| s-O365-dlp-email |
microsoft-o365-json-email-send-receive-emailsend |
| s-O365-email |
microsoft-o365-kv-email-send-success-emailsend |
| s-adaxes-app-activity |
adaxes-a-str-app-activity-success-adaxes |
| s-adfs-auth-failed |
microsoft-evsecurity-kv-endpoint-login-fail-411 |
| s-amag-badge-access |
amag-sac-kv-physical-location-access-success-datetimeoftxn |
| s-aruba-authentication-failed |
hp-arubacpm-kv-endpoint-login-fail-loginreject |
| s-aruba-nac-logon |
hp-arubawc-kv-endpoint-login-success-connection |
| s-aruba-nac-logon-1 |
hp-arubawc-kv-endpoint-login-success-authentication |
| s-asa-605005 |
cisco-asa-str-rdp-traffic-success-605005 |
| s-atlassian-bitbucket-app-activity |
atlassian-bitbucket-str-app-activity-success-sshgit |
| s-avaya-failed-vpn-login |
avaya-vpn-kv-vpn-login-fail-vpnfail |
| s-avaya-vpn-login |
avaya-vpn-kv-vpn-login-success-vpnsuccess |
| s-aws-cloudtrail-activity-json |
amazon-awscloudtrail-cef-app-activity-awsapicall |
| s-aws-cloudtrail-assumedrole-json |
amazon-awscloudtrail-cef-app-activity-assumedrole |
| s-aws-cloudtrail-login-json |
amazon-awscloudtrail-json-app-login-awsconsolesignin |
| s-aws-netflow-connection |
amazon-awscloudwatch-mix-network-traffic-success-accept |
| s-aws-netflow-connection-reject |
amazon-awscloudwatch-cef-network-traffic-success-reject |
| s-azura-mfa-auth-failed |
microsoft-azuremfa-str-endpoint-login-fail-callstatus |
| s-azura-mfa-auth-successful |
microsoft-azuremfa-str-endpoint-login-success-callstatus-1 |
| s-azura-pri-auth-failed |
microsoft-azuremfa-str-endpoint-login-fail-auth |
| s-azura-pri-auth-successful |
microsoft-azure-str-endpoint-login-success-primaryauth |
| s-azure-ad-app-activity-2 |
microsoft-azuread-json-app-activity-addmembertogroup |
| s-azure-ad-app-login |
microsoft-azuread-json-app-login-appdisplayname |
| s-azure-ad-app-login-2 |
microsoft-azuread-json-app-login-signin |
| s-azure-ad-password-change-2 |
microsoft-azuread-json-user-password-modify-success-passwordreset |
| s-azure-app-activity |
microsoft-azure-mix-app-activity-success-caller |
| s-azure-app-login |
microsoft-azure-json-app-login-datetime |
| s-azure-authentication |
microsoft-azure-kv-endpoint-login-access |
| s-azure-container-service |
microsoft-azuremon-sk4-app-activity-success-containerservice |
| s-bit9-epp-alert |
vmware-carbonblackappctrl-json-alert-trigger-success-processhashtype |
| s-brightmail-email |
symantec-esc-kv-email-send-success-brightmail |
| s-bro-dhcp |
zeek-z-str-endpoint-login-success-ahauth |
| s-bro-email-in |
zeek-z-str-email-receive-success-brosmtp |
| s-bro-web-activity |
zeek-z-str-http-session-custom |
| s-carbonblack-security-alert |
vmware-carbonblack-sk4-alert-trigger-success-cbanalytics |
| s-carbonblack-security-alert-1 |
vmware-carbonblack-sk4-alert-trigger-success-watchlist |
| s-carbonblack-security-alert-2 |
vmware-carbonblack-json-alert-trigger-success-watchlist-1 |
| s-ccure-badge-access |
tyco-ccure-kv-physical-location-access-card |
| s-checkpoint-alert |
checkpoint-es-kv-alert-trigger-success-smartdefense |
| s-checkpoint-alert-1 |
checkpoint-es-kv-alert-trigger-success-1 |
| s-checkpoint-alert-2 |
checkpoint-es-kv-alert-trigger-success-threatemulation |
| s-checkpoint-alert-3 |
checkpoint-es-kv-alert-trigger-success-prevent |
| s-checkpoint-alert-4 |
checkpoint-es-kv-alert-trigger-success-monitor |
| s-checkpoint-firewall-accept |
checkpoint-ngfw-kv-network-traffic-success-accept |
| s-checkpoint-firewall-allow |
checkpoint-ngfw-kv-network-traffic-success-allow |
| s-checkpoint-firewall-block |
checkpoint-ngfw-kv-network-traffic-fail-block |
| s-checkpoint-firewall-drop |
checkpoint-ngfw-kv-network-traffic-fail-drop |
| s-checkpoint-firewall-encrypt |
checkpoint-ngfw-kv-app-activity-encrypt |
| s-checkpoint-fw-network-connection |
checkpoint-ngfw-kv-network-traffic-success-accept-3 |
| s-checkpoint-proxy |
checkpoint-ngfw-kv-http-session-url |
| s-cisco-acs-app-activity |
cisco-ise-kv-app-activity-success-appactivity |
| s-cisco-acs-auth-failed |
cisco-ise-kv-vpn-login-fail-authfailed |
| s-cisco-acs-auth-successful |
cisco-ise-kv-endpoint-authentication-success-authenok |
| s-cisco-acs-nac-failed-logon |
cisco-ise-kv-radius-traffic-fail-cscoacsfailedattempt |
| s-cisco-acs-nac-logon |
cisco-ise-kv-radius-traffic-success-radius |
| s-cisco-amp-alert-1 |
cisco-secureendpoint-mix-alert-trigger-success-quarantine |
| s-cisco-amp-alert-10 |
cisco-secureendpoint-sk4-alert-trigger-success-cloudioc |
| s-cisco-amp-alert-11 |
cisco-secureendpoint-sk4-alert-trigger-success-policyupdatefailure |
| s-cisco-amp-alert-13 |
cisco-secureendpoint-cef-alert-trigger-success-detected |
| s-cisco-amp-alert-14 |
cisco-secureendpoint-sk4-alert-trigger-success-falsenegative |
| s-cisco-amp-alert-15 |
cisco-secureendpoint-sk4-alert-trigger-success-multipleinfectedfiles |
| s-cisco-amp-alert-16 |
cisco-secureendpoint-sk4-alert-trigger-success-threatdetection |
| s-cisco-amp-alert-2 |
cisco-secureendpoint-sk4-alert-trigger-success-quarantinefailure |
| s-cisco-amp-alert-3 |
cisco-secureendpoint-mix-alert-trigger-success-threatdetected |
| s-cisco-amp-alert-4 |
cisco-secureendpoint-mix-alert-trigger-threatquarantined |
| s-cisco-amp-alert-5 |
cisco-secureendpoint-mix-alert-trigger-success-vulnerable |
| s-cisco-amp-alert-6 |
cisco-secureendpoint-sk4-alert-trigger-success-failedtodelete |
| s-cisco-amp-alert-7 |
cisco-secureendpoint-sk4-alert-trigger-success-executedmalware |
| s-cisco-amp-alert-8 |
cisco-secureendpoint-sk4-alert-trigger-success-criticalfaultraised |
| s-cisco-amp-alert-9 |
cisco-secureendpoint-sk4-alert-trigger-success-majorfaultraised |
| s-cisco-amp-system-info-10 |
cisco-secureendpoint-sk4-policy-modify-policyupdate |
| s-cisco-amp-system-info-11 |
cisco-secureendpoint-sk4-endpoint-scan-scancompleted |
| s-cisco-amp-system-info-12 |
cisco-secureendpoint-sk4-alert-trigger-success-dropperinfection |
| s-cisco-amp-system-info-13 |
cisco-secureendpoint-sk4-app-notification-success-updatecompleted |
| s-cisco-amp-system-info-14 |
cisco-secureendpoint-mix-app-notification-productupdatefailed |
| s-cisco-amp-system-info-15 |
cisco-secureendpoint-cef-app-notification-productupdatestarted |
| s-cisco-amp-system-info-16 |
cisco-secureendpoint-sk4-endpoint-scan-scanstarted |
| s-cisco-amp-system-info-17 |
cisco-secureendpoint-sk4-alert-trigger-success-systemprocessprotected |
| s-cisco-amp-system-info-18 |
cisco-secureendpoint-sk4-alert-trigger-success-faultcleared |
| s-cisco-amp-system-info-19 |
cisco-secureendpoint-sk4-app-notification-success-rebootcompleted |
| s-cisco-amp-system-info-20 |
cisco-secureendpoint-sk4-app-notification-success-rebootpending |
| s-cisco-amp-system-info-21 |
cisco-secureendpoint-sk4-app-notification-success-rebootadvised |
| s-cisco-amp-system-info-22 |
cisco-secureendpoint-sk4-app-notification-success-rebootrequired |
| s-cisco-amp-system-info-23 |
cisco-secureendpoint-sk4-app-notification-success-installfailure |
| s-cisco-amp-system-info-24 |
cisco-secureendpoint-sk4-file-restore-success-fromquarantine |
| s-cisco-amp-system-info-25 |
cisco-secureendpoint-sk4-file-restore-success-falsepositive |
| s-cisco-amp-system-info-26 |
cisco-secureendpoint-sk4-endpoint-scan-scanfailed |
| s-cisco-amp-system-info-27 |
cisco-secureendpoint-sk4-alert-trigger-systemprocessprotection |
| s-cisco-amp-system-info-8 |
cisco-secureendpoint-sk4-file-read-filefetch |
| s-cisco-amp-system-info-9 |
cisco-secureendpoint-sk4-app-notification-installstarted |
| s-codegreen-dlp-alert |
dg-ndlp-kv-alert-trigger-success-emailsubject |
| s-codegreen-dlp-email-out |
dg-ndlp-kv-email-send-success-smtp |
| s-common-ftp-app-activity |
ftp-f-str-app-activity-undefined |
| s-common-ftp-app-activity-1 |
ftp-f-str-app-activity-user |
| s-common-ftp-app-activity-2 |
ftp-f-str-app-activity-sshdisconnect |
| s-common-ftp-app-activity-3 |
ftp-f-str-app-activity-list |
| s-common-ftp-app-activity-4 |
ftp-f-str-app-activity-size |
| s-common-ftp-app-activity-5 |
ftp-f-str-app-activity-mkd |
| s-common-ftp-app-activity-6 |
ftp-f-str-app-activity-quit |
| s-common-ftp-app-activity-7 |
ftp-f-str-app-activity-kick |
| s-common-ftp-app-activity-8 |
ftp-f-str-app-activity-retr |
| s-common-ftp-delete |
ftp-f-str-file-delete-success-250 |
| s-common-ftp-delete-1 |
ftp-f-str-file-delete-success-200 |
| s-common-ftp-download |
ftp-f-str-file-read-success-200 |
| s-common-ftp-download-1 |
ftp-f-str-file-read-success-226 |
| s-common-ftp-failed-login |
ftp-f-str-app-login-fail-401 |
| s-common-ftp-failed-login-1 |
ftp-f-str-app-login-fail-530 |
| s-common-ftp-login |
ftp-f-str-app-login-success-230 |
| s-common-ftp-login-1 |
ftp-f-str-app-login-success-200 |
| s-common-ftp-upload |
ftp-f-str-file-write-sucess-200 |
| s-common-ftp-upload-1 |
ftp-f-str-file-write-sucess-226 |
| s-crowdstrike-app-dll-alert |
crowdstrike-falcon-sk4-alert-trigger-success-reflectivedllname |
| s-crowdstrike-app-login |
crowdstrike-falcon-json-app-login-twofactorauth |
| s-crowdstrike-app-login-1 |
crowdstrike-falcon-json-app-login-userauth |
| s-crowdstrike-app-login-10 |
crowdstrike-falcon-json-app-login-success-assert |
| s-crowdstrike-app-login-2 |
crowdstrike-falcon-sk4-app-login-success-validateentitlement |
| s-crowdstrike-app-login-3 |
crowdstrike-falcon-cef-app-login-success-assert-1 |
| s-crowdstrike-app-login-4 |
crowdstrike-falcon-cef-app-login-accepteula |
| s-crowdstrike-app-login-5 |
crowdstrike-falcon-cef-app-login-success-startevent |
| s-crowdstrike-app-login-6 |
crowdstrike-falcon-json-app-login-createapi |
| s-crowdstrike-app-login-7 |
crowdstrike-falcon-json-app-login-streamstarted |
| s-crowdstrike-app-login-8 |
crowdstrike-falcon-json-app-login-twofactorauthenticate |
| s-crowdstrike-app-login-9 |
crowdstrike-falcon-sk4-app-login-success-userauthenticate |
| s-crowdstrike-app-logout |
crowdstrike-falcon-sk4-app-logout-streamstopped |
| s-crowdstrike-app-logout-2 |
"crowdstrike-falcon-cef-app-logout-sessionend |
| s-crowdstrike-app-ransomware |
crowdstrike-falcon-sk4-file-read-success-targetfilename |
| s-crowdstrike-failed-logon |
crowdstrike-falcon-sk4-endpoint-login-userloginfail |
| s-crowdstrike-process-alert |
crowdstrike-falcon-mix-alert-trigger-success-suspiciousactivity |
| s-crowdstrike-security-alert |
crowdstrike-falcon-mix-alert-trigger-success-detection |
| s-cws-proxy |
cisco-cws-kv-http-session-webcatcode |
| s-cyberark-account-switch |
cyberark-vault-kv-user-switch-success-retrievepassword-1 |
| s-cyberark-account-switch-2 |
cyberark-pam-str-user-switch-success-passwordretrieve |
| s-cyberark-account-switch-3 |
cyberark-pam-str-user-switch-success-passwordretrieve-1 |
| s-cyberark-activity |
cyberark-pam-kv-rdp-traffic-success-secureconnect |
| s-cyberark-activity-1 |
cyberark-pam-kv-rdp-traffic-success-windowtitle |
| s-cyberark-activity-3 |
cyberark-pam-kv-endpoint-logout-disconnect |
| s-cyberark-activity-4 |
cyberark-pam-kv-rdp-traffic-success-psmconnect |
| s-cyberark-activity-5 |
cyberark-pam-kv-ssh-traffic-success-keystrokelogin |
| s-cyberark-activity-6 |
cyberark-pam-str-app-activity-success-usepassword |
| s-cyberark-activity-7 |
cyberark-pam-str-app-activity-success-storepassword |
| s-cyberark-app-activity |
cyberark-pam-kv-app-activity-fileoperations |
| s-cyberark-app-activity-1 |
cyberark-pam-kv-app-activity-windowtitle |
| s-cyberark-app-activity-2 |
cyberark-pam-kv-app-activity-uploadrecording |
| s-cyberark-app-activity-3 |
cyberark-pam-kv-app-activity-usepassword |
| s-cyberark-app-activity-4 |
cyberark-pam-kv-app-activity-storepassword |
| s-cyberark-app-activity-5 |
cyberark-pam-kv-app-activity-filecategory |
| s-cyberark-app-activity-6 |
cyberark-pam-kv-app-activity-connectsessionend |
| s-cyberark-app-activity-7 |
cyberark-pam-kv-app-activity-logoff |
| s-cyberark-app-activity-8 |
cyberark-pam-kv-app-activity-rulesend |
| s-cyberark-app-activity-9 |
cyberark-pam-kv-app-activity-rulesstart |
| s-cyberark-app-login |
cyberark-vault-kv-app-login-logon |
| s-cyberark-failed-logon |
cyberark-vault-kv-endpoint-login-fail-psm |
| s-cyberark-failed-logon-1 |
cyberark-pam-kv-endpoint-login-fail-failedtoinit |
| s-cyberark-file-delete |
cyberark-pam-kv-file-delete-success-deletefile |
| s-cyberark-file-read-1 |
cyberark-pam-kv-file-read-success-openfile |
| s-cyberark-file-read-2 |
cyberark-pam-kv-file-read-success-retrievefile |
| s-cyberark-file-write-1 |
cyberark-pam-kv-file-write-success-openfile |
| s-cyberark-file-write-2 |
cyberark-pam-kv-file-write-success-storefile |
| s-cyberark-password-change |
cyberark-pam-kv-user-password-modify-success-cpmpasswordchanged |
| s-cyberark-password-change-failed |
cyberark-vault-kv-user-password-modify-fail-changepassword |
| s-cyberark-password-reset |
cyberark-pam-kv-user-password-reset-success-setpassword |
| s-cyberark-remote-logon-1 |
cyberark-vault-kv-rdp-traffic-success-psmconnect-1 |
| s-cyberark-remote-logon-2 |
cyberark-vault-kv-rdp-traffic-success-psmsecure |
| s-cyberark-security-alert |
cyberark-pta-kv-alert-trigger-success-pta |
| s-cyberark-security-alert-1 |
cyberark-pam-kv-alert-trigger-success-nonauthorizedimpersonation |
| s-cyberark-security-alert-2 |
cyberark-pam-kv-alert-trigger-success-keystrokelogging |
| s-cyberark-tpm-account-switch |
cyberark-pam-str-user-switch-success-retrievepassword |
| s-cyberark-tpm-activity |
cyberark-pam-kv-app-activity-success-otherinfo |
| s-cyberark-tpm-login |
cyberark-pam-kv-app-login-success-loginobjecttype |
| s-cylance-app-activity |
blackberry-protect-kv-app-login-success-loginsuccess |
| s-damballa-alert |
damballa-failsafe-kv-alert-trigger-success-alerttrigger |
| s-database-login-18453 |
microsoft-mssql-kv-database-login-success-18453 |
| s-database-login-18454 |
microsoft-mssql-kv-database-login-success-18454 |
| s-db-failed-login |
ibm-guardium-csv-database-login-fail-loginfailed |
| s-db-login |
ibm-guardium-csv-database-login-success-no |
| s-digitalguardian-app-login-1 |
dg-ep-kv-app-login-success-operation27 |
| s-digitalguardian-app-login-2 |
dg-ep-kv-app-login-success-applicationstart |
| s-digitalguardian-app-login-3 |
dg-ep-kv-app-login-success-applicationstart-1 |
| s-digitalguardian-dlp-alert-1 |
dg-ndlp-kv-email-send-success-ruleblock |
| s-digitalguardian-dlp-alert-2 |
dg-ndlp-kv-email-send-success-resolutionstatus |
| s-digitalguardian-dlp-email-out-1 |
dg-ndlp-kv-email-send-success-28-2 |
| s-digitalguardian-dlp-email-out-2 |
dg-ndlp-kv-email-send-success-28-1 |
| s-digitalguardian-dlp-email-out-3 |
dg-ndlp-kv-email-send-success-sendmail |
| s-digitalguardian-dlp-email-out-4 |
dg-ndlp-kv-email-send-success-sendmail-1 |
| s-digitalguardian-file-download |
dg-ep-kv-file-download-success-operationid2 |
| s-digitalguardian-file-read |
dg-ep-kv-file-success-applicationdataexchange |
| s-digitalguardian-file-upload |
dg-ep-kv-file-download-success-operationid21 |
| s-digitalguardian-file-write-1 |
dg-ep-kv-file-success-11 |
| s-digitalguardian-file-write-2 |
dg-ep-kv-file-success-7 |
| s-digitalguardian-file-write-3 |
dg-ep-kv-file-fixed |
| s-digitalguardian-file-write-4 |
dg-ep-kv-file-fileoperation |
| s-digitalguardian-file-write-5 |
dg-ep-kv-file-remote |
| s-digitalguardian-local-logon-1 |
dg-ep-kv-endpoint-login-success-23 |
| s-digitalguardian-local-logon-2 |
dg-ep-kv-endpoint-login-fail-userlogon |
| s-digitalguardian-local-logon-3 |
dg-ep-kv-endpoint-login-success-userlogon |
| s-digitalguardian-logout |
dg-ep-kv-app-kv-logout-success-utctime |
| s-digitalguardian-logout-1 |
dg-ep-kv-app-kv-logout-success-userlogoff |
| s-digitalguardian-network-connection |
dg-ep-kv-network-traffic-success-4 |
| s-digitalguardian-print-activity-1 |
dg-ep-kv-printer-activity-success-22-1 |
| s-digitalguardian-print-activity-2 |
dg-ep-kv-printer-activity-success-22 |
| s-digitalguardian-print-activity-3 |
dg-ep-kv-printer-activity-success-print |
| s-digitalguardian-print-activity-4 |
dg-ep-kv-printer-activity-success-print-1 |
| s-digitalguardian-usb-activity |
dg-ep-kv-peripheral-storage-insert-success-notblocked |
| s-digitalguardian-usb-insert-2 |
dg-ep-kv-peripheral-storage-insert-success-deviceadded |
| s-digitalguardian-usb-insert-3 |
dg-ep-kv-peripheral-storage-insert-success-deviceadded-1 |
| s-digitalguardian-usb-write |
dg-ep-kv-file-write-success-filecopy |
| s-dlp-email-out |
forcepoint-dlp-cef-email-send-datasecurity |
| s-dropbox-app-activity-1 |
dropbox-d-json-app-activity-success-sharing |
| s-dropbox-app-activity-2 |
dropbox-d-json-app-activity-success-sharing-2 |
| s-dropbox-apps-activity |
dropbox-d-json-app-activity-success-apps |
| s-dropbox-devices-activity |
dropbox-d-json-app-login-success-devices |
| s-dropbox-files-activity |
dropbox-d-json-file-success-fileactivity |
| s-dropbox-logins-activity |
dropbox-d-json-app-login-success-logines |
| s-dropbox-members-activity |
dropbox-d-json-app-activity-success-members |
| s-dropbox-sharing-activity |
dropbox-d-json-file-success-sharing |
| s-dtex |
dtexsystems-intercept-str-file-process-success-userdept |
| s-duo-app-activity |
cisco-duo-json-app-activity-success-phonecreate |
| s-duo-app-login |
cisco-duo-json-app-login-success-adminlogin |
| s-duo-auth-json |
cisco-duo-json-endpoint-authentication-ip |
| s-duo-auth-json-1 |
cisco-duo-json-endpoint-authentication-result |
| s-duo-auth-set-ip |
cisco-duo-str-app-authentication-success-forwardserver |
| s-duo-auth-successful |
cisco-duo-str-app-authentication-success-allow |
| s-duo-failed-app-login |
cisco-duo-json-app-login-fail-adminloginerror |
| s-duo-failed-app-login-1 |
cisco-duo-json-app-login-fail-admin2faerror |
| s-endpoint-dlp-alert |
dg-ndlp-kv-alert-trigger-success-endpointusername |
| s-estreamer-network-connection |
cisco-fp-json-network-traffic-accesscontrol |
| s-estreamer-network-connection-1 |
cisco-fp-kv-network-traffic-estreamer |
| s-estreamer-network-connection-2 |
cisco-fp-kv-network-traffic-success-accesscontrolrule |
| s-estreamer-security-alert |
cisco-fp-json-alert-trigger-success-502 |
| s-exchange-app-activity |
microsoft-exchange-kv-app-activity-appactivity |
| s-f5-dns-response |
f5-bigipdns-str-dns-response-success-rcode |
| s-f5-vpn-p1 |
f5-apm-kv-vpn-login-success-clientaccepted |
| s-f5-vpn-p2 |
f5-apm-kv-vpn-login-success-accesspolicyagentevt |
| s-failed-app-login |
microsoft-mssql-kv-app-login-fail-18456 |
| s-failed-physical-access-unknown |
badge-b-csv-physical-location-access-fail-unauthorisedcard |
| s-failed-physical-access-unknown-1 |
badge-b-csv-physical-location-access-fail-nozoneprivilege |
| s-failed-physical-badge-access-7 |
badge-b-csv-physical-location-access-fail-cardrejected |
| s-fidelis-alert |
fidelis-fnetwork-cef-alert-trigger-success-alertid |
| s-fireeye-hx-alert |
fireeye-endpointsecurity-leef-alert-trigger-success-iochitfound |
| s-fireeye-hx-alert-1 |
fireeye-endpointsecurity-kv-alert-trigger-success-fireeyeacquisitioncompleted |
| s-fireeye-hx-alert-2 |
fireeye-endpointsecurity-cef-alert-trigger-success-containmentcancelled |
| s-fireeye-hx-alert-3 |
fireeye-endpointsecurity-json-alert-trigger-success-eventat |
| s-fireeye-hx-alert-4 |
fireeye-endpointsecurity-json-alert-trigger-success-processevent |
| s-fireeye-hx-alert-5 |
fireeye-es-json-file-write-success-alert |
| s-fireeye-hx-alert-6 |
fireeye-endpointsecurity-json-alert-trigger-success-ipv4networkevent |
| s-fireeye-hx-alert-hx |
fireeye-endpointsecurity-cef-alert-trigger-success-iochitfound |
| s-fireeye-hx-alert-s-1 |
fireeye-endpointsecurity-json-alert-trigger-success-product |
| s-fireeye-mps-alert |
fireeye-networksecurity-csv-alert-trigger-success-webmps |
| s-fortinet-dhcp |
fortinet-firewall-kv-dhcp-session-success-dhcpacklog |
| s-github-activity |
github-g-kv-app-login-authentication |
| s-github-audit |
github-g-json-app-activity-success-githubaudit |
| s-github-unicorn-activity |
"github-g-kv-http-request-api |
| s-guardium-db-access |
ibm-guardium-leef-database-activity-success-ibm |
| s-guardium-db-alert |
ibm-guardium-kv-alert-trigger-success-guardiumalert |
| s-guardium-db-alert-1 |
ibm-guardium-str-alert-trigger-success-mssql |
| s-hp-print-activity |
hp-printserver-kv-printer-activity-success-unspecified |
| s-icpam-badge-access |
icpam-i-kv-physical-location-access-success-granted |
| s-infoblox-config-change |
infoblox-bddi-str-configuration-modify-zoneapplied |
| s-infoblox-dhcp-1 |
infoblox-bddi-str-endpoint-login-success-dhcpack |
| s-infoblox-dhcp-2 |
infoblox-bddi-str-endpoint-login-success-dhcpoffer |
| s-infoblox-dhcp-3 |
infoblox-bddi-str-endpoint-login-success-requestdhcp |
| s-infoblox-dhcp-4 |
infoblox-bddi-str-dhcp-session-success-dynamicleases |
| s-infoblox-dhcp-dhcpdecline |
infoblox-bddi-str-dhcp-traffic-dhcpdecline |
| s-infoblox-dhcp-dhcpdiscover |
infoblox-bddi-str-dhcp-discover-dhcpd |
| s-infoblox-dhcp-dhcpexpire |
infoblox-bddi-str-dhcp-traffic-dhcpexpire |
| s-infoblox-dhcp-dhcpinform |
infoblox-bddi-str-dhcp-traffic-success-dhcpd |
| s-infoblox-dhcp-dhcprelease |
infoblox-bddi-str-dhcp-traffic-dhcprelease |
| s-infoblox-dhcp-fixed |
infoblox-bddi-csv-app-notification-fixed |
| s-infoblox-dhcp-freed |
infoblox-bddi-csv-ip-free-dhcpd |
| s-infoblox-dhcp-issued |
infoblox-bddi-str-network-notification-dhcpdissued |
| s-infoblox-one-dhcp-file-write |
infoblox-bddi-str-file-write-success-backupsuccess |
| s-infoblox-one-dhcp-vpn-connection |
infoblox-bddi-str-vpn-session-success-connectioninitiated |
| s-intrust-dns |
questintrust-q-kv-endpoint-login-success-dnsrecord |
| s-ironport-dlp-email-alert |
cisco-ie-str-email-success-dcid |
| s-ironport-email-aborted |
cisco-ie-str-email-aborted |
| s-ironport-email-attachment |
cisco-ie-str-email-attachment |
| s-ironport-email-av-result |
"cisco-ie-cef-email-antivirus |
| s-ironport-email-av-result-2 |
cisco-ie-str-email-av-verdict |
| s-ironport-email-bytes |
"cisco-ie-cef-email-bytesfrom |
| s-ironport-email-file-verdict |
cisco-ie-str-email-file-verdict |
| s-ironport-email-graymail |
cisco-ie-str-email-graymail |
| s-ironport-email-outcome |
"cisco-ie-cef-email-finished |
| s-ironport-email-recipient |
"cisco-ie-cef-email-to |
| s-ironport-email-sender |
"cisco-ie-cef-email-from |
| s-ironport-email-sender-1 |
cisco-ie-mix-email-send-receive-from |
| s-ironport-email-spam-result |
"cisco-ie-cef-email-spam |
| s-ironport-email-subject |
"cisco-ie-cef-email-subject |
| s-ironport-email-url |
cisco-ie-str-email-url |
| s-ironport-email-url-1 |
cisco-ie-str-email-url-1 |
| s-json-4697 |
microsoft-evsecurity-json-service-create-success-4697 |
| s-json-4697-1 |
microsoft-windows-json-service-create-success-4697 |
| s-juniper-nwc-vpn-resume |
juniper-ps-kv-vpn-login-success-firewall |
| s-juniper-pulse-activity |
juniper-ps-kv-app-activity-success-webrequestcomplect |
| s-juniper-vpn-end |
juniper-ps-kv-vpn-logout-success-firewall |
| s-juniper-vpn-realm |
juniper-ps-kv-vpn-login-success-firewall-3 |
| s-juniper-vpn-start |
juniper-ps-kv-vpn-login-success-firewall-1 |
| s-juniper-vpn-timeout |
juniper-ps-kv-vpn-logout-success-firewall-1 |
| s-kaspersky-endpoint-security |
"kaspersky-endpointsecurity-xml-alert-trigger-success-security |
| s-kaspersky-es-alert |
kaspersky-endpointsecurity-kv-alert-trigger-success-eventlog |
| s-kaspersky-es-alert-1 |
kaspersky-endpointsecurity-cef-alert-trigger-success-productversion |
| s-lanscope-app-activity-1 |
lanscope-cat-csv-app-activity-appactivity |
| s-lanscope-asset-alert |
lanscope-cat-csv-app-activity-success-assetalarmlog |
| s-lanscope-file-operations |
lanscope-cat-csv-file-success-realtime |
| s-lanscope-print-activity |
lanscope-cat-csv-printer-activity-success-activity |
| s-lanscope-process-created |
lanscope-cat-csv-network-session-success-active |
| s-lanscope-process-created-failed |
lanscope-cat-csv-process-create-fail-err |
| s-lanscope-web-activity |
lanscope-cat-csv-http-session-success-weblogaccess |
| s-lanscopecat-logon |
lanscope-cat-kv-endpoint-login-success-loginuser |
| s-lanscopecat-print-activity |
lanscope-cat-kv-printer-activity-success-lanscopecatprint |
| s-lanscopecat-usb-activity |
lanscope-cat-kv-peripheral-storage-activity-windowtitle |
| s-lanscopecat-web-activity |
lanscope-cat-kv-http-session-success-webaccess |
| s-liebsoft-account-switch |
beyondtrust-b-kv-user-switch-success-accessgranted |
| s-liebsoft-app-login |
beyondtrust-prividentity-kv-app-login-success-3016 |
| s-lumension-usb |
lumension-l-kv-peripheral-storage-insert-usb |
| s-mcafee-clean-failed-alert |
mcafee-es-csv-alert-trigger-success-cleanfailed |
| s-mcafee-cleaned-alert |
mcafee-es-str-alert-trigger-success-cleaned |
| s-mcafee-deleted-alert |
mcafee-es-str-alert-trigger-success-deleted |
| s-mcafee-dlp-alert |
mcafee-dlp-kv-alert-trigger-success-plug |
| s-mcafee-dlp-alert-1 |
mcafee-dlp-kv-alert-trigger-success-alerttrigger-1 |
| s-mcafee-dlp-alert-2 |
mcafee-dlp-kv-alert-trigger-success-destdns |
| s-mcafee-dlp-alert-3 |
mcafee-dlp-kv-alert-trigger-success-alerttrigger-2 |
| s-mcafee-email-dlp-alert-out |
mcafee-ep-kv-email-send-success-emailprotection |
| s-mcafee-epo-alert |
mcafee-es-kv-alert-trigger-success-timestamp |
| s-mcafee-epo-alert-2 |
mcafee-es-kv-alert-trigger-success-parametervalue |
| s-mcafee-epo-alert-3 |
mcafee-es-kv-alert-trigger-success-threathandled |
| s-mcafee-epo-alert-4 |
mcafee-es-kv-alert-trigger-success-alerttrigger |
| s-mcafee-epo-dlp-alert |
mcafee-dlp-kv-alert-trigger-success-lossprevention |
| s-mcafee-epo-dlp-alert-2 |
mcafee-ep-kv-alert-trigger-success-islaptop |
| s-mcafee-print-activity |
mcafee-dlp-kv-printer-activity-success-printingprotection |
| s-mcafee-print-activity-1 |
mcafee-dlp-kv-printer-activity-success-printing |
| s-mcafee-print-activity-2 |
mcafee-dlp-str-printer-activity-success-40301 |
| s-mcafee-process-alert |
mcafee-es-kv-alert-trigger-success-actionblocked |
| s-mcafee-security-alert |
mcafee-es-kv-alert-trigger-success-4 |
| s-mcafee-security-alert-1 |
mcafee-es-csv-alert-trigger-success-security |
| s-mcafee-security-alert-2 |
mcafee-es-csv-alert-trigger-success-alerttrigger |
| s-mcafee-usb-activity |
mcafee-es-kv-file-write-success-localizationkey |
| s-mcafee-usb-activity-bluetooth |
mcafee-es-str-file-write-success-bluetooth |
| s-mcafee-usb-activity-diskdrives |
mcafee-es-str-file-write-success-diskdrives |
| s-mcafee-usb-activity-dvd |
mcafee-es-str-file-write-success-romdrives |
| s-mcafee-usb-activity-dvd-1 |
mcafee-es-str-file-write-success-filewritepc |
| s-mcafee-usb-activity-dvd-2 |
mcafee-es-str-file-write-success-usbfilewritemac |
| s-mcafee-usb-activity-imaging |
mcafee-es-str-file-write-success-imagingdevices |
| s-mcafee-usb-activity-portable |
mcafee-es-str-file-write-success-portabledevice |
| s-mcafee-usb-filewrite |
mcafee-es-str-file-write-success-usbfilewrite |
| s-mcafee-usb-insert-cddrive |
mcafee-es-kv-file-write-success-romdrives-1 |
| s-mcafee-usb-insert-dd |
mcafee-es-kv-file-write-success-diskdrives-1 |
| s-mcafee-usb-insert-pd |
mcafee-es-kv-peripheral-storage-insert-success-pd |
| s-mcafee-usb-insert-usbd |
mcafee-es-kv-peripheral-storage-insert-success-usbd |
| s-mcafee-vse-epo-dlp-alert |
mcafee-dlp-kv-alert-trigger-success-analyzerdlp |
| s-mdam-db-query |
mcafee-mdam-kv-database-dbactivity |
| s-member-added-2003 |
microsoft-evsecurity-json-group-member-add-success-groupmemberadded |
| s-member-added-2008 |
microsoft-evsecurity-kv-group-member-add-success-memberaddedinsecurity |
| s-member-added-2008-jp |
microsoft-evsecurity-csv-group-member-add-success-memberadded |
| s-member-removed-2003 |
microsoft-evsecurity-json-group-member-remove-success-groupmemberremoved |
| s-member-removed-2008 |
microsoft-evsecurity-kv-group-member-remove-success-securityenabled |
| s-microsoft-database-login |
microsoft-mssql-kv-database-login-fail-sqlagent |
| s-microsoft-dhcp |
microsoft-windows-json-endpoint-login-success-assign |
| s-microsoft-dhcp-nack |
microsoft-evdhcpserver-str-dhcp-session-fail-nack |
| s-microsoft-dns-renew |
microsoft-windows-json-endpoint-login-success-renew |
| s-microsoft-dns-update |
microsoft-evdnsserver-json-endpoint-login-success-update |
| s-microsoft-isa-proxy-1 |
microsoft-wapgateway-str-http-session-tinet |
| s-microsoft-isa-proxy-2 |
microsoft-wapgateway-kv-http-session-thttp |
| s-microsoft-isa-proxy-3 |
microsoft-wapgateway-json-http-session-reqid |
| s-microsoft-print-activity |
microsoft-evprintservice-kv-printer-activity-success-printprocessor |
| s-microsoft-print-activity-1 |
microsoft-evprintservice-str-printer-activity-success-pagesprinted |
| s-mimecast-app-activity |
mimecast-seg-str-app-activity-success-auditlog |
| s-mimecast-app-activity-1 |
mimecast-seg-sk4-app-activity-success-auditevents |
| s-mimecast-app-login |
mimecast-seg-kv-app-login-success-auditlog |
| s-mimecast-dlp-email |
mimecast-seg-kv-email-rcpt |
| s-mimecast-dlp-email-1 |
mimecast-seg-sk4-email-receive-impersonationprotect |
| s-morphisec-security-alert |
morphisec-eptp-json-alert-trigger-success-attacktimedt |
| s-mssql-database-login |
microsoft-mssql-kv-database-login-success-33205 |
| s-mssql-database-login-1 |
microsoft-mssql-kv-database-login-success-lgis |
| s-mssql-database-login-failed |
microsoft-mssql-kv-database-login-fail-33205 |
| s-mssql-database-login-failed-xml |
"microsoft-mssql-xml-database-login-failed-33205 |
| s-mssql-database-login-xml |
"microsoft-mssql-xml-database-login-success-33205 |
| s-mssql-database-logout |
"microsoft-mssql-xml-database-logout-success-lgo |
| s-mssql-database-query-al |
microsoft-mssql-kv-database-query-success-33205-2 |
| s-mssql-database-query-al-1 |
microsoft-mssql-kv-database-modify-success-al |
| s-mssql-database-query-al-xml |
"microsoft-mssql-xml-database-query-success-30205-2 |
| s-mssql-database-query-cr |
microsoft-mssql-kv-database-modify-success-cr |
| s-mssql-database-query-dl |
microsoft-mssql-kv-database-query-success-33205 |
| s-mssql-database-query-dl-1 |
microsoft-mssql-kv-database-delete-success-dl |
| s-mssql-database-query-dl-xml |
"microsoft-mssql-xml-database-query-success-33205 |
| s-mssql-database-query-dr |
microsoft-mssql-kv-database-delete-success-dr |
| s-mssql-database-query-sl |
microsoft-mssql-kv-database-query-success-33205-1 |
| s-mssql-database-query-sl-1 |
microsoft-mssql-kv-database-query-success-sl |
| s-mssql-database-query-sl-xml |
"microsoft-mssql-xml-database-query-success-33205-1 |
| s-mssql-database-query-vw |
microsoft-mssql-kv-database-activity-success-dbactivity |
| s-mvision-dlp-alert |
mvision-m-kv-alert-trigger-success-alertpolicydlp |
| s-mvision-dlp-alert-1 |
mvision-m-json-alert-trigger-success-outgoingprinter |
| s-mvision-dlp-alert-2 |
mvision-m-json-alert-trigger-success-outgoingemail |
| s-mvision-dlp-alert-3 |
mvision-m-json-alert-trigger-success-outgoingmemoryviacloud |
| s-mvision-dlp-alert-4 |
mvision-m-json-alert-trigger-success-outgoinghttp |
| s-mvision-dlp-alert-5 |
mvision-m-json-alert-trigger-success-outgoingfsremovablestorage |
| s-mwg-proxy |
mcafee-wg-kv-http-session-urlp |
| s-mwg-proxy-1 |
mcafee-wg-kv-http-session-urlp-1 |
| s-mwg-proxy-3 |
mcafee-wg-kv-http-session-success-mwgaccess3 |
| s-mwg-proxy-3-denied |
mcafee-wg-kv-http-session-fail-accesdenied |
| s-mwg-web-activity |
mcafee-wg-kv-http-session-authenticationmethod |
| s-n3k-dhcp |
n3k-n-kv-dhcp-session-success-time |
| s-nac-failed-logon |
cisco-ise-kv-endpoint-authentication-fail-attempts |
| s-nac-failed-logon-1 |
cisco-ise-kv-radius-traffic-fail-deviceadministrationfailed |
| s-nac-failed-logon-2 |
cisco-ise-kv-radius-traffic-fail-cisefailedattempt |
| s-nac-logon |
cisco-ise-kv-radius-traffic-success-authsucceeded |
| s-nac-logon-1 |
cisco-ise-kv-radius-traffic-success-deviceadminstrationsucceeded |
| s-nac-logon-2 |
cisco-ise-cef-radius-traffic-success-cisepassedauth |
| s-nasuni-file-delete |
nasuni-n-csv-file-delete-success-deletefile |
| s-nasuni-file-delete-1 |
nasuni-n-csv-file-delete-success-deletedirectory |
| s-nasuni-file-permission-change |
nasuni-n-csv-file-permission-modify-success-dosattribute |
| s-nasuni-file-permission-change-1 |
nasuni-n-csv-file-permission-modify-success-extendedattributes |
| s-nasuni-file-permission-change-2 |
nasuni-n-csv-file-permission-modify-success-setacl |
| s-nasuni-file-write |
nasuni-n-csv-file-write-success-writetofile |
| s-nasuni-file-write-1 |
nasuni-n-csv-file-write-success-rename |
| s-nasuni-file-write-2 |
nasuni-n-csv-file-write-success-truncatefile |
| s-net2door-badge-access |
paxton-net2door-json-physical-location-access-peripheralname |
| s-netscaler-auth-failed |
citrix-cgateway-str-endpoint-authentication-fail-failedlogin |
| s-netskope-activity |
netskope-sc-json-file-auditlogevent |
| s-netskope-login |
netskope-sc-json-app-login-success-loginsuccessful-1 |
| s-o365-dlp-alert |
microsoft-defenderep-json-alert-trigger-success-dlprulematch |
| s-o365-dlp-alert-1 |
microsoft-defenderep-json-alert-trigger-success-dlprulematch-1 |
| s-o365-dlp-alert-2 |
microsoft-defenderep-sk4-alert-trigger-success-dlpmatchrule |
| s-oam-app-login |
oracle-am-str-app-login-authn |
| s-oam-app-login-1 |
oracle-am-str-app-login-success-auth |
| s-okta-app-activity |
okta-amfa-json-app-app |
| s-okta-app-login |
okta-amfa-json-app-login-success-singlesignon-1 |
| s-okta-app-login-1 |
okta-amfa-json-endpoint-login-success-userlogin |
| s-okta-app-login-2 |
okta-amfa-json-endpoint-login-success-authenticateuser |
| s-okta-app-login-3 |
okta-amfa-json-app-login-success-evaluatesignon-1 |
| s-okta-app-login-4 |
okta-amfa-json-app-login-success-oauth2signon |
| s-okta-failed-app-login |
okta-amfa-json-app-login-fail-signinfailure |
| s-okta-failed-login |
okta-amfa-json-app-login-fail-userlogintookta |
| s-okta-failed-login-1 |
okta-amfa-json-app-login-fail-authenticateuserviainbounddelauth |
| s-okta-failed-login-2 |
okta-amfa-json-app-login-fail-authenticateuserwithadagent |
| s-okta-failed-login-3 |
okta-amfa-json-app-login-fail-useraccountlock |
| s-okta-failed-login-4 |
okta-amfa-mix-app-login-fail-suspiciousactivity |
| s-onelogin-app-activity |
onelogin-o-json-app-login-success-applogin |
| s-onelogin-system-info |
onelogin-o-json-app-notification-lastslogin |
| s-onguard-physical-badge-access |
lenel-og-kv-physical-location-access-accessgranted-1 |
| s-onguard-physical-badge-access-2 |
lenel-og-json-physical-location-access-success-panelname |
| s-opendns-dns-response |
cisco-umbrela-json-dns-response-success-12ptr |
| s-opendns-dns-response-1 |
cisco-umbrella-json-dns-response-success-6soa |
| s-opendns-dns-response-10 |
cisco-umbrella-json-dns-response-success-allowednaptr |
| s-opendns-dns-response-2 |
cisco-umbrella-json-dns-response-success-28aaaa |
| s-opendns-dns-response-3 |
cisco-umbrella-json-dns-response-success-16txt |
| s-opendns-dns-response-4 |
cisco-umbrella-json-dns-response-success-allowedother |
| s-opendns-dns-response-5 |
cisco-umbrella-cef-dns-response-success-allowed |
| s-opendns-dns-response-6 |
cisco-umbrella-json-dns-response-success-blocked |
| s-opendns-dns-response-7 |
cisco-umbrella-json-dns-response-success-allowedns |
| s-opendns-dns-response-8 |
cisco-umbrella-json-dns-response-success-allowedcname |
| s-opendns-dns-response-9 |
cisco-umbrella-json-dns-response-success-allowedmx |
| s-oracle-db-activity |
oracle-db-kv-database-query-success-actionname-1 |
| s-oracle-db-activity-2 |
oracle-db-kv-database-query-success-dbid |
| s-oracle-db-execute-1 |
oracle-db-json-database-query-success-userhost |
| s-oracle-db-login |
oracle-db-kv-database-login-success-logon |
| s-oracle-db-login-1 |
oracle-o-kv-database-login-success-dbx |
| s-oracle-db-login-2 |
oracle-db-json-databse-login-success-osuserhost |
| s-oracle-db-logon |
"oracle-db-xml-database-login-success-dbauth |
| s-oracle-db-query |
"oracle-db-xml-databse-query-success-account |
| s-oracle-db-query-1 |
oracle-db-str-database-query-success-sysdba |
| s-oracle-db-select-1 |
oracle-db-json-database-query-success-osusername |
| s-owa-activity |
microsoft-exchange-str-app-activity-success-isaweblog |
| s-pan-correlation-alert |
pan-wildfire-csv-alert-trigger-success-correlationalert |
| s-pan-incident-alert |
pan-aperture-sk4-alert-trigger-success-incident |
| s-pan-networks-file-activity |
pan-aperture-json-file-activitymonitoring |
| s-pan-policyviolation-alert |
pan-aperture-sk4-alert-trigger-success-policyviolation |
| s-pan-security-alert |
pan-aperture-sk4-alert-trigger-success-incident-1 |
| s-pan-vpn-start-1 |
pan-gp-mix-vpn-login-success-authsucc |
| s-panngwf-spyware-alert |
pan-ngfw-mix-alert-trigger-success-spywarealert |
| s-pantraps-alert |
pan-tesm-kv-alert-trigger-success-alerttrigger |
| s-phantom-dlp-email-in |
phantom-p-kv-email-receive-success-emailreceived |
| s-pharos-print-activity |
pharos-p-kv-printer-activity-success-activity |
| s-physical-access-unknown |
badge-b-csv-physical-location-access-success-dooraccessgranted |
| s-physical-access-unknown-1 |
badge-b-csv-physical-location-access-success-cardexitgranted |
| s-physical-badge-access |
badge-b-kv-physical-location-access-accessevent |
| s-physical-badge-access-2 |
badge-b-kv-physical-location-access-success-cardadmitted |
| s-physical-badge-access-3 |
lenel-og-kv-physical-location-access-evdescr |
| s-physical-badge-access-4 |
badge-b-kv-physical-location-access-success-accesssuccess |
| s-physical-badge-access-5 |
badge-b-json-physical-location-access-fail-badge |
| s-physical-badge-access-6 |
badge-b-json-physical-location-access-accessdescription |
| s-physical-badge-access-7 |
badge-b-csv-physical-location-access-success-cardadmitted |
| s-physical-badge-access-8 |
badge-b-kv-physical-location-access-success-badgevalid |
| s-physical-badge-access-9 |
badge-b-kv-physical-location-access-success-physicallocationaccess |
| s-pictureperfect-badge-access |
pictureperfect-pp-str-physical-location-access-success-pp |
| s-ping-app-login |
pingidentity-pi-json-app-login-success-sso |
| s-ping-auth-attempt |
pingidentity-pi-json-vpn-authentication-success-inprogress |
| s-ping-auth-attempt-4 |
pingidentity-pi-str-endpoint-login-fail-inprogress |
| s-ping-auth-failed |
pingidentity-pi-json-app-authentication-fail-failure-2 |
| s-ping-auth-successful |
pingidentity-pi-json-vpn-authentication-success-authnattempt-1 |
| s-ping-failed-app-login |
pingidentity-pi-json-app-login-fail-sso |
| s-ping-sso |
pingidentity-pi-kv-app-login-success-sso |
| s-postfix-dlp-email |
postfix-postfix-str-email-subject |
| s-postfix-dlp-email-1 |
postfix-postfix-mix-email-sent |
| s-process-alert-carbonblack |
vmware-carbonblackedr-cef-alert-trigger-success-watchlist |
| s-process-alert-carbonblack-1 |
vmware-carbonblackedr-json-alert-trigger-success-feed |
| s-process-alert-carbonblack-2 |
vmware-carbonblackedr-kv-alert-trigger-success-watchlistid |
| s-process-created-carbonblack |
vmware-carbonblackedr-leef-process-create-success-sensor |
| s-process-network-carbonblack |
vmware-carbonblackedr-json-network-session-success-netconn |
| s-process-network-carbonblack-1 |
vmware-carbonblackceedr-sk4-network-session-success-edr |
| s-proofpoint-email-alert |
"proofpoint-tap-cef-email-receive-fail-threatinsight |
| s-proofpoint-email-alert-2 |
proofpoint-tap-cef-email-receive-fail-threatstatus |
| s-proofpoint-email-alert-3 |
proofpoint-tap-json-email-receive-fail-proofpointtapmessagesblocked |
| s-proofpoint-email-alert-4 |
proofpoint-tap-json-email-emailthreat |
| s-proofpoint-email-in |
proofpoint-tap-kv-email-receive-mailreceived |
| s-proofpoint-email-in-1 |
proofpoint-tap-sk4-email-receive-threatdetected |
| s-proofpoint-email-in-2 |
proofpoint-tap-json-email-receive-emailthreat-1 |
| s-prowatch-badge-access |
honeywell-pw-kv-physical-location-access-success-refidtyp |
| s-prowatch-badge-access-2 |
honeywell-pw-kv-physical-location-access-success-cardno |
| s-prowatch-badge-access-3 |
honeywell-pw-kv-physical-location-access-success-accessgranted |
| s-pulsesecure-account-deleted |
juniper-ps-str-user-delete-fail-firewall |
| s-pulsesecure-vpn-login |
juniper-ps-kv-vpn-login-success-firewall-2 |
| s-quest-directory-access |
questsoftware-caad-cef-ds-object-create-success-changeauditor |
| s-quest-failed-logon |
questsoftware-caad-kv-endpoint-login-fail-failed |
| s-radius-wireless-nac-logon |
microsoft-nps-kv-radius-traffic-success-6272 |
| s-rapid7-security-alert |
nexpose-insightvm-kv-alert-trigger-success-solutionsummary |
| s-safesend-dlp-email-alert |
safesend-s-kv-email-send-success-emailexternal |
| s-sailpoint-app-activity |
sailpoint-identitynow-json-app-none |
| s-sailpoint-auth |
sailpoint-identitynow-json-endpoint-authentication-application |
| s-sailpoint-fam-file-delete |
sailpoint-fam-cef-file-delete-success-netapp |
| s-sailpoint-fam-file-perimssion-change |
sailpoint-fam-cef-file-permission-modify-success-netapp |
| s-sailpoint-fam-file-read |
sailpoint-fam-cef-file-read-success-netapp |
| s-sailpoint-fam-file-write |
sailpoint-fam-cef-file-write-success-netapp |
| s-sailpoint-fam-file-write-1 |
sailpoint-fam-cef-file-write-success-createfile |
| s-sailpoint-fam-file-write-2 |
sailpoint-fam-cef-file-write-success-renamefile |
| s-sailpoint-fam-file-write-3 |
sailpoint-fam-cef-file-write-success-createfolder |
| s-sailpoint-launch |
sailpoint-identitynow-json-app-login-success-launchapp |
| s-sailpoint-pwd |
sailpoint-identitynow-json-app-activity-null |
| s-sailpoint-sso |
sailpoint-identitynow-json-app-login-success-ssoapp |
| s-sailpointsiq-ad-account-creation |
sailpoint-securityiq-kv-user-create-success-create |
| s-sailpointsiq-ad-account-deleted |
sailpoint-securityiq-str-user-delete-fail-user |
| s-sailpointsiq-ad-account-lockout |
sailpoint-securityiq-str-user-delete-fail-accountlock |
| s-sailpointsiq-ad-account-passwd-reset |
sailpoint-securityiq-kv-user-password-reset-success-resetpassword |
| s-sailpointsiq-netappcifs-file-delete |
sailpoint-securityiq-kv-file-delete-success-deletefile |
| s-sailpointsiq-netappcifs-file-open |
sailpoint-securityiq-kv-file-read-success-openfile |
| s-sailpointsiq-netappcifs-file-read |
sailpoint-securityiq-kv-file-read-success-readfile |
| s-sailpointsiq-netappcifs-file-write |
sailpoint-securityiq-kv-file-write-success-writefile |
| s-sailpointsiq-netappcifs-folder-create |
sailpoint-securityiq-kv-file-write-success-createfolder |
| s-sailpointsiq-netappcifs-folder-delete |
sailpoint-securityiq-kv-file-delete-success-deletefolder |
| s-sailpointsiq-onedrive-file-delete |
sailpoint-securityiq-kv-file-delete-success-filedeleted |
| s-sailpointsiq-onedrive-file-download |
sailpoint-securityiq-kv-file-download-success-filedownloaded |
| s-sailpointsiq-onedrive-file-read |
sailpoint-securityiq-kv-file-read-success-filepreviewed |
| s-sailpointsiq-onedrive-file-upload |
sailpoint-securityiq-kv-file-upload-success-fileuploaded |
| s-sailpointsiq-onedrive-file-write |
sailpoint-securityiq-kv-file-write-success-filemodified |
| s-sailpointsiq-onedrive-folder-create |
sailpoint-securityiq-kv-file-write-success-foldercreated |
| s-sailpointsiq-onedrive-folder-delete |
sailpoint-securityiq-kv-file-delete-success-folderdeleted |
| s-sailpointsiq-onedrive-folder-modify |
sailpoint-securityiq-kv-file-write-success-foldermodified |
| s-sailpointsiq-sponline-file-operations |
sailpoint-securityiq-kv-file-success-sharepointonline |
| s-sailpointsiq-sponpremise-file-delete |
sailpoint-securityiq-kv-file-delete-success-sharepoint |
| s-sailpointsiq-windowsfs-file-read |
sailpoint-securityiq-kv-file-read-success-readfile-1 |
| s-sailpointsiq-windowsfs-member-added |
sailpoint-securityiq-kv-group-member-add-success-winfileserver |
| s-sailpointsiq-windowsfs-member-removed |
sailpoint-securityiq-kv-group-member-remove-success-memberremoved |
| s-sailpointsiq-windowsfs-perm-add-file |
sailpoint-securityiq-kv-file-permission-modify-success-addfile |
| s-sailpointsiq-windowsfs-perm-add-folder |
sailpoint-securityiq-kv-file-permission-modify-success-addfolder |
| s-sailpointsiq-windowsfs-perm-remove-file |
sailpoint-securityiq-kv-file-permission-modify-success-removefile |
| s-sailpointsiq-windowsfs-perm-remove-folder |
sailpoint-securityiq-kv-file-permission-modify-success-fileserver |
| s-salesforce-app-login |
salesforce-sf-kv-app-login-logingeoid |
| s-scep-epp-alert |
microsoft-defenderep-kv-alert-trigger-success-systemcenterep-1 |
| s-securesphere-db-alert |
imperva-securesphere-kv-alert-trigger-success-alert |
| s-securesphere-db-login |
imperva-securesphere-kv-database-login-success-userauth |
| s-securesphere-db-login-1 |
imperva-securesphere-kv-database-login-fail-login |
| s-securesphere-db-query |
imperva-securesphere-kv-database-query-success-databasequery |
| s-sendmail-email-antivirus |
unix-sm-str-email-virusclean |
| s-sendmail-email-attachment |
unix-sm-kv-email-attach |
| s-sendmail-email-client |
unix-sm-kv-email-client |
| s-sendmail-email-from |
unix-sm-kv-email-send |
| s-sendmail-email-recipients |
unix-sm-kv-email-envelopesender |
| s-sendmail-email-stat |
unix-sm-kv-email-delay |
| s-sep-mobile-alert |
symantec-endpointprotection-json-alert-trigger-success-malware |
| s-sep-mobile-alert-1 |
symantec-endpointprotection-json-alert-trigger-success-malware-1 |
| s-sep-mobile-alert-2 |
symantec-endpointprotection-sk4-alert-trigger-success-devicecompromised |
| s-sep-mobile-alert-3 |
symantec-endpointprotection-sk4-alert-trigger-success-network |
| s-sep-mobile-alert-4 |
symantec-endpointprotection-sk4-alert-trigger-success-vulnerableos |
| s-sep-mobile-alert-5 |
symantec-endpointprotection-sk4-alert-trigger-success-unwantedapp |
| s-shibboleth-sso |
shibboleth-s-str-app-login-success-shibbolethaudit |
| s-shibboleth-sso-1 |
shibboleth-s-str-app-login-success-3877 |
| s-shibboleth-sso-2 |
shibboleth-s-kv-app-notification-warn |
| s-skyfence-activity |
forcepoint-casb-cef-app-activity-skyfence |
| s-skyfence-alert |
forcepoint-casb-cef-alert-trigger-success-alert |
| s-skyfence-login |
forcepoint-casb-kv-app-login-fail-login |
| s-skysea-app-activity |
skysea-cv-csv-app-activity-success-appactivity |
| s-skysea-app-activity-1 |
skysea-cv-str-app-activity-success-appactivity |
| s-skysea-dlp-email-alert |
skysea-cv-csv-email-send-success |
| s-skysea-file-access |
skysea-cv-csv-file-success-fileactivity |
| s-skysea-file-copied |
skysea-cv-csv-file-write-success-fileactivity |
| s-skysea-file-download |
skysea-cv-csv-file-download-success-web |
| s-skysea-file-operations |
skysea-cv-csv-file-success-fileactivity-1 |
| s-skysea-file-upload |
skysea-cv-csv-file-upload-success-web |
| s-skysea-print-activity |
skysea-cv-csv-printer-activity-success-printactivity |
| s-skysea-process-created-1 |
skysea-cv-csv-process-create-success-user |
| s-skysea-process-created-2 |
skysea-cv-csv-process-create-success-processcreated |
| s-skysea-security-alert |
skysea-cv-kv-alert-trigger-success-tcp |
| s-skysea-share-access |
skysea-cv-str-share-access-success-foldersharing |
| s-skysea-usb-activity |
skysea-cv-csv-peripheral-storage-activity-success-usbactivity |
| s-skysea-web-activity |
skysea-cv-csv-http-session-web |
| s-skysea-web-activity-1 |
skysea-cv-csv-http-session-success-web |
| s-skysea-web-activity-2 |
skysea-cv-csv-http-session-success-webaccess |
| s-snowflake-db-login-1 |
snowflake-s-kv-database-login-success-login |
| s-snowflake-db-query-1 |
snowflake-s-kv-database-query-success-databasequery |
| s-sonicwall-failed-vpn-login |
dell-sw-kv-vpn-login-fail-sslvpn |
| s-sonicwall-failed-vpn-login-2 |
dell-sw-kv-vpn-login-fail-140 |
| s-sonicwall-remote-logon |
dell-sw-kv-rdp-traffic-success-sslvpn |
| s-sonicwall-vpn-end |
dell-sw-kv-vpn-logout-success-sslvpn |
| s-sonicwall-vpn-end-1 |
sonicwall-sw-kv-vpn-logout-success-sslvpn |
| s-sonicwall-vpn-login-2 |
sonicwall-sw-kv-vpn-login-success-1080 |
| s-sonicwall-vpn-start |
dell-sw-kv-vpn-login-success-userloginsuccessful |
| s-sonicwall-vpn-start-1 |
dell-sw-kv-vpn-login-success-netextenderconnected |
| s-sophos-network-connection |
sophos-xgfirewall-kv-network-traffic-success-firewallrule |
| s-splunkstream-dns-query |
splunk-stream-json-dns-request-success-query |
| s-splunkstream-dns-response |
splunk-stream-json-dns-response-success-messagetype |
| s-ssh-login-failed |
unix-unix-str-endpoint-login-fail-invaliduser |
| s-stealthwatch-network-alert |
cisco-securenetworkanalytics-kv-alert-trigger-success-stealth |
| s-stream-dhcp |
splunk-s-json-dhcp-session-success-dhcpack |
| s-svn-app-activity |
apache-subversion-mix-app-activity-get |
| s-svn-app-activity-1 |
apache-subversion-mix-app-activity-headsvn |
| s-svn-app-activity-2 |
apache-subversion-mix-app-activity-headsvn-1 |
| s-svn-app-activity-3 |
apache-subversion-mix-app-activity-optionssvn |
| s-svn-app-activity-4 |
apache-subversion-mix-app-activity-postsvn |
| s-svn-app-activity-5 |
apache-subversion-str-app-activity-svn |
| s-svn-app-activity-6 |
apache-subversion-mix-app-activity-proppatchsvn |
| s-svn-app-activity-7 |
apache-subversion-mix-app-activity-putsvn |
| s-svn-app-activity-8 |
apache-subversion-mix-app-activity-reportsvn |
| s-swipes-badge-access |
swipes-s-kv-physical-location-access-success-swipes |
| s-symantec-auth-failed |
symantec-vip-str-endpoint-login-fail-auth |
| s-symantec-auth-failed-1 |
symantec-vip-str-endpoint-login-fail-accessreject |
| s-symantec-auth-failed-2 |
symantec-vip-str-endpoint-login-fail-accessreject-1 |
| s-symantec-auth-successful |
symantec-vip-str-endpoint-login-success-auth |
| s-symantec-auth-successful-1 |
symantec-vip-kv-endpoint-login-success-authentication |
| s-symantec-dlp-alert |
symantec-dlp-cef-email-send-success-emailsend |
| s-symantec-dlp-alert-1 |
symantec-dlp-csv-alert-trigger-success-https |
| s-symantec-dlp-email-alert |
symantec-dlp-str-email-send-success-smtp |
| s-symantec-email-alert |
symantec-esc-json-email-send-success-fileincluded |
| s-symantec-epp-alert |
symantec-endpointprotection-csv-alert-trigger-success-threatnum |
| s-symantec-network-alert |
symantec-endpointprotection-kv-alert-trigger-success-scanning |
| s-symantec-process-alert |
symantec-endpointprotection-kv-alert-trigger-success-rule |
| s-symantec-security-alert |
symantec-endpointprotection-kv-alert-trigger-success-symantecepproactive |
| s-symantec-security-alert-1 |
symantec-endpointprotection-kv-alert-trigger-success-symantecepsecurity |
| s-symantec-security-alert-2 |
symantec-endpointprotection-kv-alert-trigger-success-symanteceprisk-1 |
| s-symantec-web-activity |
symantec-fireglass-kv-http-session-urlcategories |
| s-symantec-web-activity-1 |
symantec-fireglass-json-http-session-networkrequest |
| s-tanium-cli-execution |
tanium-cp-kv-process-create-success-cliexecutionlog |
| s-tanium-process-alert-1 |
tanium-cp-sk4-alert-trigger-success-maliciousfiles |
| s-tanium-security-alert |
tanium-cp-kv-alert-trigger-success-eventdetect |
| s-tanium-security-alert-2 |
tanium-cp-json-alert-trigger-success-eventprocess |
| s-tanium-security-alert-3 |
tanium-cp-json-alert-trigger-success-security |
| s-tanium-security-alert-4 |
tanium-cp-json-alert-trigger-success-eventtrace |
| s-tanium-security-alert-5 |
tanium-cp-json-alert-trigger-success-taniumdetect |
| s-tanium-security-alert-6 |
tanium-cp-sk4-alert-trigger-success-taniumindex |
| s-tanium-security-alert-7 |
tanium-cp-sk4-alert-trigger-success-shellhashes |
| s-titanftp-app-activity-1 |
titanftp-t-str-app-activity-success-sshfxprealpath |
| s-titanftp-app-activity-2 |
titanftp-t-str-app-activity-success-sshfxpstat |
| s-titanftp-app-activity-3 |
titanftp-t-str-app-activity-success-sshfxpsetstat |
| s-titanftp-app-activity-4 |
titanftp-t-str-app-activity-success-sshfxplstat |
| s-titanftp-file-delete |
titanftp-t-str-file-delete-success-sshfxpremove |
| s-titanftp-file-read-1 |
titanftp-t-str-file-read-success-sshfxpopendir |
| s-titanftp-file-read-2 |
titanftp-t-str-file-read-success-sshfxpopen |
| s-trendmicro-epp-alert |
trendmicro-officescan-kv-alert-trigger-success-trendmicro |
| s-trendmicro-epp-alert-1 |
trendmicro-officescan-kv-alert-trigger-success-callbackdetected |
| s-trendmicro-epp-alert-2 |
trendmicro-officescan-kv-alert-trigger-success-officescanserver |
| s-trendmicro-security-alert |
trendmicro-officescan-kv-alert-trigger-success-tmcm |
| s-trendmicro-security-alert-1 |
trendmicro-officescan-kv-alert-trigger-success-graywarefound |
| s-trendmicro-security-alert-2 |
trendmicro-officescan-kv-alert-trigger-success-ccca |
| s-trendmicro-security-alert-3 |
trendmicro-officescan-kv-alert-trigger-success-contentfiltering |
| s-trusteer-epp-alert |
ibm-em-kv-alert-trigger-success-securitytrusteer |
| s-unix-auth-event |
unix-unix-str-endpoint-login-authentication |
| s-unix-dhcp-2 |
unix-dhcpd-str-dhcp-discover-nofreeleases |
| s-unix-dhcp-3 |
unix-dhcpd-str-dhcp-traffic-dhcpd |
| s-viscount-badge-access |
viscount-i-kv-physical-location-access-cardaccess |
| s-vontu-dlp-alert |
symantec-dlp-kv-alert-trigger-success-dlpincident |
| s-vontu-dlp-email-alert |
symantec-dlp-kv-email-send-success-emailsend |
| s-vontu-email-dlp |
symantec-dlp-kv-alert-trigger-success-smtp |
| s-windows-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-4625-7 |
| s-windows-4648 |
microsoft-evsecurity-kv-endpoint-login-success-4648 |
| s-windows-4672 |
microsoft-evsecurity-kv-user-privilege-modify-fail-4672 |
| s-windows-4673 |
microsoft-evsecurity-kv-user-privilege-modify-fail-4673-1 |
| s-windows-4674 |
microsoft-evsecurity-kv-user-privilege-use-success-data |
| s-windows-4688 |
microsoft-evsecurity-kv-process-create-success-4688-3 |
| s-windows-4771 |
microsoft-evsecurity-kv-endpoint-login-fail-4771 |
| s-windows-4776 |
microsoft-evsecurity-kv-endpoint-login-4776-4 |
| s-windows-5140 |
microsoft-evsecurity-kv-share-access-5140 |
| s-windows-5157 |
microsoft-evsecurity-kv-network-session-fail-5157 |
| s-windows-5157-2 |
microsoft-evsecurity-kv-network-session-fail-5157-1 |
| s-windows-event-1102 |
microsoft-evsecurity-kv-log-clear-success-1102-3 |
| s-windows-event-4624 |
microsoft-evsecurity-kv-endpoint-success-4624 |
| s-windows-event-4625 |
microsoft-evsecurity-kv-wls-endpoint-login-fail-4625-1 |
| s-windows-event-4648 |
microsoft-evsecurity-kv-endpoint-login-success-4648-4 |
| s-windows-event-4672 |
microsoft-evsecurity-kv-user-privilege-use-success-4672 |
| s-windows-event-4673 |
microsoft-evsecurity-kv-user-privilege-use-success-4673 |
| s-windows-event-4674 |
microsoft-evsecurity-kv-user-privilege-use-success-wls |
| s-windows-event-4688 |
microsoft-evsecurity-kv-process-create-success-4688wls |
| s-windows-event-4697 |
microsoft-evsecurity-csv-service-create-success-4697 |
| s-windows-event-4719 |
microsoft-evsecurity-kv-audit-policy-modify-success-4719-3 |
| s-windows-event-4720 |
microsoft-evsecurity-kv-user-create-success-4720-2 |
| s-windows-event-4722 |
microsoft-evsecurity-kv-user-enable-success-4722-1 |
| s-windows-event-4723 |
microsoft-evsecurity-kv-user-password-modify-4723-3 |
| s-windows-event-4724 |
microsoft-evsecurity-kv-user-password-reset-success-4724-1 |
| s-windows-event-4725 |
microsoft-evsecurity-kv-user-disable-success-4725-1 |
| s-windows-event-4728 |
microsoft-evsecurity-kv-group-member-add-success-4728-1 |
| s-windows-event-4729 |
microsoft-evsecurity-kv-group-member-remove-success-4729 |
| s-windows-event-4732 |
microsoft-evsecurity-kv-group-member-add-success-4732-1 |
| s-windows-event-4733 |
microsoft-evsecurity-kv-group-member-remove-success-4733 |
| s-windows-event-4740 |
microsoft-evsecurity-kv-user-delete-fail-4740 |
| s-windows-event-4776 |
microsoft-evsecurity-kv-endpoint-login-4776-3 |
| s-windows-event-4778 |
microsoft-evsecurity-kv-endpoint-login-success-4778 |
| s-windows-event-4779 |
microsoft-evsecurity-kv-endpoint-logout-success-4779-1 |
| s-windows-event-4780 |
microsoft-evsecurity-kv-ds-object-modify-success-4780 |
| s-windows-event-4800 |
microsoft-evsecurity-kv-endpoint-lock-success-4800-2 |
| s-windows-event-4801 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801-2 |
| s-windows-event-5140 |
microsoft-evsecurity-kv-share-access-success-5140-4 |
| s-windows-event-528 |
microsoft-evsecurity-kv-endpoint-success-528-1 |
| s-windows-event-534 |
microsoft-evsecurity-kv-endpoint-login-fail-534 |
| s-windows-event-540 |
microsoft-evsecurity-json-endpoint-login-success-540-1 |
| s-windows-event-552 |
microsoft-evsecurity-kv-endpoint-login-success-552 |
| s-windows-event-576 |
microsoft-evsecurity-kv-user-privilege-use-success-576 |
| s-windows-event-578 |
microsoft-windows-kv-user-privilege-use-success-578 |
| s-windows-event-601 |
microsoft-evsecurity-kv-process-create-success-601 |
| s-windows-event-602 |
microsoft-evsecurity-kv-scheduled-task-create-success-602 |
| s-windows-event-626 |
microsoft-windows-kv-user-enable-success-626 |
| s-windows-event-627 |
microsoft-evsecurity-kv-user-password-modify-627-1 |
| s-windows-event-629 |
microsoft-evsecurity-kv-user-disable-success-629-1 |
| s-windows-event-633 |
microsoft-evsecurity-kv-group-member-remove-success-633 |
| s-windows-event-636 |
microsoft-evsecurity-kv-group-member-add-success-636 |
| s-windows-event-637 |
microsoft-evsecurity-kv-group-member-remove-success-637 |
| s-windows-event-644 |
microsoft-evsecurity-kv-user-delete-fail-logtype |
| s-windows-process-created |
microsoft-windows-kv-process-create-success-processid |
| s-xenapp-ica-login |
citrix-cvapps-kv-app-login-success-active |
| s-xendesktop-remote-logon |
citrix-cvdesktop-kv-endpoint-login-success-dnsname |
| s-xml-10 |
"microsoft-evapp-xml-endpoint-notification-10 |
| s-xml-100 |
"microsoft-evapp-xml-process-create-100 |
| s-xml-1000 |
"microsoft-evapp-xml-endpoint-notification-1000 |
| s-xml-1000-1 |
"microsoft-evapp-xml-endpoint-notification-1000-1 |
| s-xml-101 |
"microsoft-evapp-xml-endpoint-activity-101 |
| s-xml-1030 |
"microsoft-evsystem-xml-policy-apply-fail-1030 |
| s-xml-1085 |
"microsoft-evsystem-xml-endpoint-notification-1085 |
| s-xml-1096 |
"microsoft-evsystem-xml-policy-apply-fail-1096 |
| s-xml-1102 |
microsoft-evsecurity-xml-log-clear-success-1102-1 |
| s-xml-1112 |
"microsoft-evsystem-xml-policy-apply-fail-1112 |
| s-xml-1196 |
"microsoft-evsystem-xml-endpoint-notification-1196 |
| s-xml-120 |
"microsoft-evapp-xml-process-create-fail-120 |
| s-xml-1200 |
"microsoft-evsecurity-xml-app-authentication-1200 |
| s-xml-1200-1 |
microsoft-evsecurity-xml-app-authentication-success-1200 |
| s-xml-1201-1 |
microsoft-evsecurity-xml-app-authentication-fail-1201 |
| s-xml-1202 |
"microsoft-evsecurity-xml-app-authentication-1202 |
| s-xml-1202-1 |
microsoft-evsecurity-xml-app-authentication-success-1202 |
| s-xml-1203 |
"microsoft-evsecurity-xml-app-authentication-fail-1203 |
| s-xml-1203-1 |
microsoft-evsecurity-xml-app-authentication-fail-1203-1 |
| s-xml-129 |
"microsoft-evsystem-xml-endpoint-time-modify-fail-129 |
| s-xml-134 |
"microsoft-evsystem-xml-endpoint-time-modify-fail-134 |
| s-xml-1500 |
"microsoft-evsystem-xml-policy-apply-1500 |
| s-xml-1530 |
"microsoft-evapp-xml-endpoint-notification-1530 |
| s-xml-1534 |
"microsoft-evapp-xml-endpoint-notification-1534 |
| s-xml-2039 |
"cisco-ac-xml-vpn-login-success-2039 |
| s-xml-219 |
"microsoft-evsystem-xml-driver-load-fail-219 |
| s-xml-225 |
"microsoft-evsystem-xml-driver-load-fail-225 |
| s-xml-299 |
"microsoft-evsecurity-xml-app-authentication-299 |
| s-xml-3001 |
"cisco-ac-xml-app-notification-3001 |
| s-xml-3009 |
"microsoft-evapp-xml-endpoint-notification-3009 |
| s-xml-3013 |
"microsoft-evapp-xml-endpoint-notification-3013 |
| s-xml-33370 |
"microsoft-evapp-xml-certificate-request-fail-33370 |
| s-xml-40 |
"microsoft-evsystem-xml-policy-apply-fail-40 |
| s-xml-403 |
"microsoft-evsecurity-xml-http-request-403 |
| s-xml-404 |
"microsoft-evsecurity-xml-http-response-404 |
| s-xml-4098 |
"microsoft-evapp-xml-policy-apply-fail-4098 |
| s-xml-410 |
"microsoft-evsecurity-xml-app-notification-410 |
| s-xml-411 |
"microsoft-evsecurity-xml-app-authentication-fail-411 |
| s-xml-412 |
"microsoft-evsecurity-xml-app-authentication-412 |
| s-xml-431 |
"microsoft-evsecurity-xml-app-notification-431 |
| s-xml-4627 |
"microsoft-evsecurity-xml-endpoint-notification-4627 |
| s-xml-4627-1 |
"microsoft-evsecurity-xml-endpoint-notification-success-4627 |
| s-xml-4634 |
"microsoft-evsecurity-xml-endpoint-logout-4634 |
| s-xml-4647 |
"microsoft-evsecurity-xml-endpoint-logout-4647 |
| s-xml-4653 |
"microsoft-evsecurity-xml-endpoint-notification-4653 |
| s-xml-4656 |
"microsoft-evsecurity-xml-handle-request-4656 |
| s-xml-4656-netapp |
"netapp-n-xml-alert-trigger-success-4656 |
| s-xml-4660 |
"microsoft-evsecurity-xml-endpoint-activity-4660 |
| s-xml-4660-netapp |
"netapp-n-xml-file-delete-success-4660 |
| s-xml-4663 |
"microsoft-evsecurity-xml-file-success-4663-1 |
| s-xml-4664 |
"microsoft-evsecurity-xml-link-create-4664 |
| s-xml-4670 |
"microsoft-evsecurity-xml-file-permission-modify-4670 |
| s-xml-4696 |
"microsoft-evsecurity-xml-process-token-assign-4696 |
| s-xml-4697 |
"microsoft-evsecurity-xml-service-create-success-4697 |
| s-xml-4698 |
"microsoft-evsecurity-xml-scheduled-task-create-success-4698-1 |
| s-xml-4701 |
"microsoft-evsecurity-xml-scheduled-task-disable-4701 |
| s-xml-4720 |
"microsoft-evsecurity-xml-user-create-success-4720 |
| s-xml-4723 |
"microsoft-evsecurity-xml-user-password-modify-4723 |
| s-xml-4724 |
"microsoft-evsecurity-xml-user-password-reset-success-4724 |
| s-xml-4725 |
"microsoft-evsecurity-xml-user-disable-success-4725 |
| s-xml-4726 |
"microsoft-evsecurity-xml-user-delete-success-4726-1 |
| s-xml-4740 |
"microsoft-evsecurity-xml-user-lock-success-4740 |
| s-xml-4770 |
"microsoft-evsecurity-xml-endpoint-login-success-4770 |
| s-xml-4771 |
"microsoft-evsecurity-xml-endpoint-login-fail-4771 |
| s-xml-4774 |
"microsoft-evsecurity-xml-endpoint-authentication-4774 |
| s-xml-49152 |
"microsoft-evsystem-xml-network-notification-49152 |
| s-xml-4931 |
"microsoft-evsecurity-xml-ds-replication-modify-4931-1 |
| s-xml-4948 |
"microsoft-evsecurity-xml-policy-modify-4948 |
| s-xml-4954 |
"microsoft-evsecurity-xml-policy-apply-4954 |
| s-xml-4965 |
"microsoft-evsecurity-xml-endpoint-notification-4965 |
| s-xml-49754 |
"microsoft-evapp-xml-certificate-request-fail-49754 |
| s-xml-4985 |
"microsoft-evsecurity-xml-endpoint-notification-4985 |
| s-xml-5 |
"sentinelone-evsentinelone-xml-app-notification-5 |
| s-xml-500 |
"microsoft-evsecurity-xml-app-notification-500 |
| s-xml-5005 |
"cisco-ac-xml-app-notification-5005 |
| s-xml-501 |
"microsoft-evsecurity-xml-app-notification-501 |
| s-xml-510 |
"microsoft-evsecurity-xml-app-notification-510 |
| s-xml-5379 |
"microsoft-evsecurity-xml-password-read-5379 |
| s-xml-5447 |
"microsoft-evsecurity-xml-policy-modify-5447-2 |
| s-xml-5447-1 |
"microsoft-evsecurity-xml-policy-modify-5447-1 |
| s-xml-5612 |
"microsoft-evapp-xml-process-close-5612 |
| s-xml-5889 |
"microsoft-evsecurity-xml-endpoint-activity-success-5889 |
| s-xml-5890 |
"microsoft-evsecurity-xml-endpoint-notification-5890 |
| s-xml-5973 |
microsoft-evapp-xml-app-activity-success-5973 |
| s-xml-6 |
microsoft-evsecurity-xml-vpn-authentication-fail-6 |
| s-xml-6398 |
"microsoft-evapp-xml-endpoint-notification-6398 |
| s-xml-64 |
"microsoft-evcertsc-xml-certificate-expire-64 |
| s-xml-7045 |
"microsoft-evsystem-xml-service-create-success-7045 |
| s-xml-8019 |
"microsoft-evsecurity-xml-dns-record-create-fail-8019 |
| s-xml-9999 |
"microsoft-evsecurity-xml-file-rename-9999 |
| s-xml-config-change |
"microsoft-evapp-xml-configuration-modify-16028 |
| s-xml-object-access-2003 |
"microsoft-evbferf-xml-network-notification-success-2003 |
| s-xml-object-access-4690 |
"microsoft-evsecurity-xml-handle-copy-4690 |
| s-xml-object-access-4755 |
"microsoft-evsecurity-xml-group-modify-success-4755 |
| s-xml-object-access-4759 |
"microsoft-evsecurity-xml-group-create-success-4759 |
| s-xml-object-access-4760 |
"microsoft-evsecurity-xml-group-modify-success-4760 |
| s-xml-object-access-4761 |
"microsoft-evsecurity-xml-group-member-add-4761 |
| s-xml-object-access-4762 |
"microsoft-evsecurity-xml-member-remove-success-4762 |
| s-xml-object-access-5058 |
"microsoft-evsecurity-xml-file-5058 |
| s-xml-object-access-5059 |
"microsoft-evsecurity-xml-key-migrate-5059 |
| s-xml-object-access-5061 |
"microsoft-evsecurity-xml-key-5061 |
| s-xml-object-access-5061-2 |
"microsoft-evsecurity-xml-key-5061-1 |
| s-xml-object-access-6278 |
"microsoft-evsecurity-xml-endpoint-authentication-6278 |
| s-xml-system-info-1 |
"microsoft-evapp-xml-endpoint-activity-esent |
| s-xml-system-info-10 |
"microsoft-evapp-xml-app-activity-msexchangeis |
| s-xml-system-info-11 |
"microsoft-evapp-xml-app-activity-mailboxreplication |
| s-xml-system-info-12 |
"microsoft-evapp-xml-app-activity-midtierstorage |
| s-xml-system-info-13 |
"microsoft-evapp-xml-app-activity-owa |
| s-xml-system-info-14 |
"microsoft-evapp-xml-app-activity-msexchangerepl |
| s-xml-system-info-15 |
"microsoft-evapp-xml-app-activity-transport |
| s-xml-system-info-16 |
"microsoft-evapp-xml-app-activity-transportdelivery |
| s-xml-system-info-17 |
"microsoft-evapp-xml-app-activity-transportsearch |
| s-xml-system-info-18 |
"microsoft-evapp-xml-app-activity-transportsubmission |
| s-xml-system-info-19 |
"microsoft-evapp-xml-database-activity-sql |
| s-xml-system-info-2 |
"microsoft-evapp-xml-endpoint-activity-filter |
| s-xml-system-info-20 |
"microsoft-evsecurity-xml-endpoint-activity-dfssvc |
| s-xml-system-info-21 |
"microsoft-evsystem-xml-endpoint-activity-microsoftwindowswas |
| s-xml-system-info-22 |
"microsoft-evsystem-xml-endpoint-activity-schannel |
| s-xml-system-info-23 |
"microsoft-evsystem-xml-endpoint-activity-servicecontrolmanager |
| s-xml-system-info-3 |
"microsoft-evapp-xml-endpoint-activity-perflib |
| s-xml-system-info-4 |
"microsoft-evapp-xml-app-activity-adaccess |
| s-xml-system-info-5 |
"microsoft-evapp-xml-app-activity-applicationlogic |
| s-xml-system-info-6 |
"microsoft-evapp-xml-app-activity-assistants |
| s-xml-system-info-7 |
"microsoft-evapp-xml-app-activity-certificatenotification |
| s-xml-system-info-8 |
"microsoft-evapp-xml-app-activity-common |
| s-xml-system-info-9 |
"microsoft-evapp-xml-app-activity-frontendhttpproxy |
| s-xml-windows-member-1 |
"microsoft-evsecurity-xml-group-member-add-success-4728 |
| s-xml-windows-member-10 |
"microsoft-windows-xml-vpn-logout-success-1018 |
| s-xml-windows-member-11 |
"microsoft-windows-xml-vpn-login-success-1017 |
| s-xml-windows-member-13 |
"microsoft-evdhcpserver-xml-vpn-login-success-4303 |
| s-xml-windows-member-14 |
"microsoft-windows-xml-vpn-logout-success-4304 |
| s-xml-windows-member-15 |
"microsoft-evsecurity-xml-configuration-modify-success-4742 |
| s-xml-windows-member-16 |
"microsoft-evsecurity-xml-configuration-modify-success-eventid4957 |
| s-xml-windows-member-2 |
"microsoft-evsecurity-xml-group-member-add-success-4732 |
| s-xml-windows-member-3 |
"microsoft-evsecurity-kv-group-member-add-success-4756-1 |
| s-xml-windows-member-4 |
"microsoft-evsecurity-xml-group-member-remove-success-4729 |
| s-xml-windows-member-4756 |
"microsoft-evsecurity-kv-group-member-add-success-4756-2 |
| s-xml-windows-member-4757 |
"microsoft-evsecurity-json-group-member-remove-success-4757-1 |
| s-xml-windows-member-5 |
"microsoft-evsecurity-xml-group-member-remove-success-4733 |
| s-xml-windows-member-6 |
"microsoft-evsecurity-json-group-member-remove-success-4757 |
| s-xml-windows-member-7 |
"microsoft-windows-xml-vpn-login-success-2002 |
| s-xml-windows-member-8 |
"microsoft-windows-xml-vpn-logout-success-2001 |
| s-xml-windows-member-9 |
"microsoft-windows-xml-vpn-login-success-2000 |
| s-zscaler-dlp-alert |
zscaler-ia-kv-alert-trigger-success-dlp |
| s-zscaler-dlp-alert-1 |
zscaler-ia-kv-alert-trigger-success-alerttrigeerd |
| s-zscaler-web-activity |
zscaler-ia-str-http-session-dlpengine |
| s-zscaler-web-activity-1 |
zscaler-ia-json-http-session-https |
| s-zscaler-web-activity-2 |
zscaler-ia-kv-http-session-cleantransaction |
| s-zscaler-web-activity-3 |
zscaler-ia-kv-http-session-login |
| s-zscaler-web-activity-4 |
zscaler-ia-json-http-session-allowed |
| s-zscaler-web-activity-5 |
zscaler-ia-kv-http-session-https |
| s-zscaler-web-activity-6 |
zscaler-ia-cef-http-session-recordid |
| s-zscaler-web-activity-7 |
zscaler-ia-kv-http-session-url |
| s-zscaler-web-activity-8 |
zscaler-ia-json-http-session-transactionsize |
| saas-suricata-json |
suricata-s-json-alert-trigger-success-proto |
| safecom-print-activity |
hp-safecom-kv-printer-activity-success-300183 |
| safend-dlp-alert |
safend-dps-kv-alert-trigger-success-safenddataprotection |
| safend-usb-insert |
safend-dps-kv-peripheral-storage-insert-success-allowed |
| safend-usb-read |
safend-dps-kv-file-read-success-read |
| safend-usb-write |
safend-dps-kv-file-write-success-write |
| safeword-auth-successful |
securecomputing-safeword-kv-endpoint-authentication-success-authverify |
| sail-file-operation |
sailpoint-securityiq-csv-file-operation |
| sailpoint-account-password-change |
sailpoint-iiq-json-user-password-modify-success-target |
| sailpoint-app-activity-1 |
sailpoint-identitynow-json-app-login-success-ssoattributes |
| sailpoint-app-activity-2 |
sailpoint-identitynow-json-app-activity-success-usermanagement |
| sailpoint-app-activity-3 |
sailpoint-identityiq-json-app-activity-success-appactivity |
| sailpoint-auth |
sailpoint-identitynow-json-endpoint-authentication-auth |
| sailpoint-failed-app-login |
sailpoint-identityiq-json-app-login-fail-faillogin |
| sailpoint-password-change |
sailpoint-identitynow-json-user-password-modify-passwordactivity |
| salesforce-app-login |
salesforce-sf-csv-app-login-success-loginsuccess |
| salesforce-failed-app-login |
salesforce-sf-csv-app-login-fail-invalidpassword |
| sangfor-network-alert |
sangfor-ngaf-kv-alert-trigger-success-ips |
| sangfor-web-activity |
sangfor-ngaf-kv-http-session-websitebrowsing |
| sap-account-password-change |
sap-s-cef-user-password-modify-success-loginforsso |
| sap-app-activity |
sap-s-kv-app-activity-success-sapuser |
| sap-app-login |
sap-s-cef-app-login-success-dialoglogonsuccessful |
| sap-failed-app-login |
sap-s-cef-app-login-fail-dialoglogonfailed |
| sap-logout |
sap-s-cef-app-logout-userlogoff |
| sap-network-connection |
sap-s-kv-network-session-functioncall |
| sap-network-connection-1 |
sap-s-cef-network-session-rfccallsuccess |
| sap-remote-logon |
sap-s-cef-endpoint-login-success-cpiclogonsuccessful |
| sap-remote-logon-1 |
sap-s-cef-endpoint-login-fail-cpiclogonfail |
| sap-system-event |
sap-s-cef-app-notification-reportstarted |
| sap-system-event-1 |
sap-s-cef-app-notification-transactionstarted |
| sap-system-event-2 |
sap-s-cef-app-notification-messagecu1 |
| sap-system-event-3 |
sap-s-cef-app-notification-accessbyrfc |
| sap-system-event-4 |
sap-s-cef-app-notification-transactionfailed |
| sap-system-event-5 |
sap-s-cef-app-notification-success-duz |
| sap-system-info |
sap-s-cef-app-activity-secude |
| seclore-file-permission-change |
seclore-s-json-file-permission-modify-success-1 |
| seclore-file-permission-change-1 |
seclore-s-json-file-permission-modify-success-6 |
| seclore-file-permission-change-2 |
seclore-s-json-file-permission-modify-success-7 |
| seclore-file-print |
seclore-s-json-printer-activity-machinename |
| seclore-file-read |
seclore-s-json-file-read-success-13 |
| seclore-file-read-1 |
seclore-s-json-file-read-success-2 |
| seclore-file-share |
seclore-s-json-file-share-offlineaccessright |
| seclore-file-write |
seclore-s-json-file-write-success-3 |
| secure-auth-event-20100 |
secureauth-login-kv-app-notification-20100 |
| secure-auth-event-20990 |
secureauth-login-kv-app-notification-20990 |
| secure-auth-event-21000 |
secureauth-login-kv-app-notification-21000 |
| secure-auth-event-21010 |
secureauth-login-kv-app-notification-21010 |
| secure-auth-event-22600 |
secureauth-login-kv-app-authentication-fail-22600 |
| secure-auth-event-23000 |
secureauth-login-kv-app-notification-23000 |
| secure-auth-event-23800 |
secureauth-login-kv-app-notification-23800 |
| secure-auth-event-24000 |
secureauth-login-kv-app-notification-24000 |
| secure-auth-event-24010 |
secureauth-login-kv-app-notification-24010 |
| secure-auth-event-24120 |
secureauth-login-kv-app-authentication-24120 |
| secure-auth-event-41600 |
secureauth-login-kv-app-notification-41600 |
| secure-auth-event-41690 |
secureauth-login-kv-http-request-41690 |
| secure-auth-event-51080 |
secureauth-login-kv-app-notification-51080 |
| secure-auth-event-51150 |
secureauth-login-kv-app-authentication-fail-51150 |
| secure-auth-event-51170 |
secureauth-login-kv-app-authentication-51170 |
| secure-auth-event-52010 |
secureauth-login-kv-app-notification-52010 |
| secure-auth-event-52018 |
secureauth-login-kv-app-notification-success-52018 |
| secure-auth-event-52019 |
secureauth-login-kv-app-notification-success-52019 |
| secure-auth-event-52020 |
secureauth-login-kv-app-notification-52020 |
| secure-auth-event-52060 |
secureauth-login-kv-app-notification-52060 |
| secure-auth-event-52070 |
secureauth-login-kv-app-notification-52070 |
| secure-auth-event-53100 |
secureauth-login-kv-app-notification-53100 |
| secure-auth-event-53110 |
secureauth-login-kv-app-notification-53110 |
| secure-auth-event-53120 |
secureauth-login-kv-app-notification-53120 |
| secure-auth-event-53502 |
secureauth-login-kv-app-notification-53502 |
| secure-auth-event-53540 |
secureauth-login-kv-app-notification-success-53540 |
| secure-auth-event-53550 |
secureauth-login-kv-app-notification-success-53550 |
| secure-auth-event-53560 |
secureauth-login-kv-app-notification-success-53560 |
| secure-auth-event-60701 |
secureauth-login-kv-app-notification-success-60701 |
| secure-auth-event-90010 |
secureauth-login-kv-app-login-90010 |
| secure-auth-event-90020 |
secureauth-login-kv-app-notification-90020 |
| secure-auth-event-90030 |
secureauth-login-kv-app-notification-90030 |
| secure-auth-event-90040 |
secureauth-login-kv-app-notification-90040 |
| secure-auth-event-92020 |
secureauth-login-kv-app-notification-success-92020 |
| secure-auth-event-92030 |
secureauth-login-kv-app-notification-success-92030 |
| secure-auth-event-92300 |
secureauth-login-kv-app-notification-success-92300 |
| secure-auth-event-92301 |
secureauth-login-kv-app-notification-success-92301 |
| secure-auth-event-92302 |
secureauth-login-kv-app-notification-success-92302 |
| secure-auth-event-92303 |
secureauth-login-kv-app-notification-success-92303 |
| secure-auth-event-92304 |
secureauth-login-kv-app-notification-success-92304 |
| secure-auth-event-92306 |
secureauth-login-kv-app-notification-success-92306 |
| secure-auth-failed-event-21070 |
secureauth-login-kv-user-read-fail-21070 |
| secure-auth-failed-event-22610 |
secureauth-login-kv-app-authentication-fail-22610 |
| secure-auth-failed-event-22910 |
secureauth-login-kv-app-authentication-fail-22910 |
| secure-auth-failed-event-24210 |
secureauth-login-kv-app-authentication-fail-24210 |
| secure-auth-failed-event-24220 |
secureauth-login-kv-app-authentication-fail-24220 |
| secure-auth-failed-event-41501 |
secureauth-login-kv-app-authentication-fail-41501 |
| secure-envoy-failed |
securenvoy-semfa-kv-endpoint-login-fail-denied |
| secure-envoy-successful |
securenvoy-semfa-kv-endpoint-authentication-success-passcodeok |
| secure-system-login |
tufin-securetrack-str-endpoint-login-success-securetrack |
| secure-system-policy-info |
tufin-securetrack-kv-policy-modify-saved |
| secure-system-policy-info-1 |
tufin-securetrack-kv-app-notification-fetched |
| secure-system-policy-info-2 |
tufin-securetrack-str-app-notification-tufinos |
| secureauth-app-login |
"secureauth-login-xml-app-login-success-priority |
| secureauth-auth-successful |
secureauth-login-cef-endpoint-login-success-20990 |
| secureauth-auth-successful-1 |
secureauth-login-kv-endpoint-login-success-20000 |
| secureauth-leef-auth-attempt |
secureauth-login-leef-app-activity |
| secureauth-system-info |
secureauth-login-cef-app-activity-appactivity |
| secureauth-system-info-1 |
"secureauth-login-xml-app-authentication-browserfingerprint |
| secureauth-system-session-end |
secureauth-login-leef-app-logout-end |
| secureauth-system-session-start |
secureauth-login-leef-endpoint-login-success-sessionstart |
| securelink-app-activity |
securelink-s-json-app-activity-success-accessed |
| securelink-app-login |
securelink-s-str-app-login-success-connected |
| securelink-app-logout |
securelink-s-str-app-logout-disconnectedfrom |
| securelink-login |
securelink-s-str-app-login-success-loggedin |
| securelink-login-failed |
securelink-s-str-app-login-fail-loginfailed |
| securelink-logout |
securelink-s-kv-app-logout-logout |
| securelink-system-info |
securelink-s-kv-app-activity-appactivity |
| securesphere-alert |
imperva-securesphere-kv-alert-trigger-success-securespherealert |
| securesphere-alert-1 |
imperva-securesphere-kv-alert-trigger-success-alertinfo |
| securesphere-db-alert |
imperva-securesphere-kv-alert-trigger-success-sql |
| securesphere-db-alert-2 |
imperva-securesphere-kv-alert-trigger-success-violateditem |
| securesphere-db-cuseqsv |
imperva-securesphere-kv-database-login-success-sqlerror |
| securesphere-db-failed-login |
imperva-securesphere-kv-database-login-fail-false |
| securesphere-db-failed-login-1 |
imperva-securesphere-json-database-login-fail-sqlfailedlogin |
| securesphere-db-failed-login-2 |
imperva-securesphere-json-database-login-fail-sql |
| securesphere-db-failed-login-3 |
imperva-securesphere-cef-database-login-fail-false |
| securesphere-db-json |
imperva-securesphere-json-database-query-success-sqlerror |
| securesphere-db-login |
imperva-securesphere-kv-database-login-success-login-1 |
| securesphere-db-login-2 |
imperva-securesphere-cef-database-login-success-login-2 |
| securesphere-db-query |
imperva-securesphere-kv-database-query-success-query |
| securesphere-db-query-2 |
imperva-securesphere-kv-database-query-success-query-1 |
| securesphere-logout |
imperva-securesphere-cef-app-logout-success-userloggedout |
| securesphere-system-1 |
imperva-securesphere-str-configuration-modify-success-configurationchanged |
| securesphere-system-2 |
imperva-securesphere-str-policy-modify-policychanged |
| securesphere-system-3 |
imperva-securesphere-cef-app-activity-systemevent |
| securityexpert-badge-access |
securityexpert-se-kv-physical-location-access-success-physicallocationaccess-1 |
| semperis-dsp-app-login |
semperis-dsp-kv-app-login-logintodsp |
| semperis-dsp-app-login-1 |
semperis-dsp-str-app-login-success-logindsp |
| semperis-dsp-ds-access |
semperis-dsp-str-ds-object-create-success-createobject |
| semperis-dsp-ds-access-1 |
semperis-dsp-str-ds-object-delete-success-deleteobject |
| semperis-dsp-ds-access-2 |
semperis-dsp-str-ds-object-modify-success-modifyobject |
| semperis-dsp-ds-access-3 |
semperis-dsp-str-ds-object-move-success-moveobject |
| semperis-dsp-privileged-object-access |
semperis-dsp-kv-user-privilege-use-success-permissionchanges |
| semperis-dsp-system-info |
semperis-dsp-kv-endpoint-notification-success-indicatorfound |
| semperis-dsp-system-info-1 |
semperis-dsp-kv-endpoint-notification-success-indicatorfailed |
| sendmail-email-from |
unix-sm-kv-email-send-success-from |
| sendmail-email-to |
unix-sm-kv-email-send-success-to |
| sentinel-ips-alert |
sentinelips-sips-cef-alert-trigger-success-outpost |
| sentinelone-dns-query |
sentinelone-singularityp-cef-dns-request-success-ndns |
| sentinelone-dns-response |
sentinelone-singularityp-sk4-dns-response-success-dns |
| sentinelone-dns-response-1 |
sentinelone-singularityp-kv-dns-response-success-dns |
| sentinelone-file-create |
sentinelone-singularityp-cef-file-write-success-filecreation |
| sentinelone-file-create-1 |
sentinelone-singularityp-cef-file-write-success-deep |
| sentinelone-file-delete |
sentinelone-singularityp-cef-file-delete-success-dproc |
| sentinelone-file-delete-1 |
sentinelone-singularityp-cef-file-delete-success-filedeletion |
| sentinelone-file-modify |
sentinelone-singularityp-cef-file-write-success-dproc |
| sentinelone-file-modify-1 |
sentinelone-singularityp-cef-file-write-success-endpoint |
| sentinelone-network-connection |
sentinelone-singularityp-kv-network-traffic-ntcpv4 |
| sentinelone-network-connection-1 |
sentinelone-singularityp-kv-network-traffic-ntcpv4-2 |
| sentinelone-network-connection-2 |
sentinelone-singularityp-cef-network-traffic-success-tcpv4listen |
| sentinelone-process-alert |
sentinelone-singularityp-json-alert-trigger-success-rulename |
| sentinelone-process-created |
sentinelone-singularityp-cef-process-create-success-processcreation |
| sentinelone-process-created-1 |
sentinelone-singularityp-cef-process-create-success-visibility |
| sentinelone-process-exit |
sentinelone-singularityp-mix-process-close-processexit |
| sentinelone-process-terminated |
sentinelone-singularityp-sk4-process-close-success-processtermination |
| sentinelone-reg-key-delete |
sentinelone-singularityp-sk4-registry-delete-regkeydelete |
| sentinelone-reg-key-updated |
sentinelone-singularityp-sk4-registry-modify-regkeysecuritychanged |
| sentinelone-security-alert |
sentinelone-singularityp-json-alert-trigger-success-annotation |
| sentinelone-security-alert-1 |
sentinelone-singularityp-kv-app-activity-success-malware |
| sentinelone-security-alert-10 |
sentinelone-singularityp-json-alert-trigger-success-threatname |
| sentinelone-security-alert-2 |
sentinelone-singularityp-json-alert-trigger-success-process |
| sentinelone-security-alert-3 |
sentinelone-singularityp-json-alert-trigger-success-packed |
| sentinelone-security-alert-4 |
sentinelone-singularityp-json-alert-trigger-success-security |
| sentinelone-security-alert-5 |
sentinelone-singularityp-json-alert-trigger-success-url |
| sentinelone-security-alert-6 |
sentinelone-singularityp-json-alert-trigger-success-classification |
| sentinelone-security-alert-7 |
sentinelone-singularityp-json-alert-trigger-success-backdoor |
| sentinelone-security-alert-8 |
sentinelone-singularityp-json-alert-trigger-success-virus |
| sentinelone-security-alert-9 |
sentinelone-singularityp-json-alert-trigger-success-ransomware |
| sentinelone-singularityp-json-system-event |
sentinelone-singularityp-json-scheduled_task-scheduledtask |
| sentinelone-system-event |
sentinelone-singularityp-sk4-registry-create-regkeycreate |
| sentinelone-system-event-1 |
sentinelone-singularityp-sk4-registry-create-regvaluecreate |
| sentinelone-system-event-10 |
sentinelone-singularityp-sk4-scheduled-task-start-schedtaskstart |
| sentinelone-system-event-11 |
sentinelone-singularityp-sk4-scheduled-task-start-schedtasktrigger |
| sentinelone-system-event-2 |
sentinelone-singularityp-sk4-registry-delete-regvaluedelete |
| sentinelone-system-event-3 |
sentinelone-singularityp-sk4-registry-modify-regvaluemodified |
| sentinelone-system-event-4 |
sentinelone-singularityp-sk4-scheduled-task-start-success-schedtaskstart |
| sentinelone-system-event-5 |
sentinelone-singularityp-cef-scheduled-task-start-schedtasktrigger |
| sentinelone-system-event-6 |
sentinelone-singularityp-cef-registry-modify-regvaluemodified |
| sentinelone-system-event-7 |
sentinelone-singularityp-sk4-process-close-success-processtermination-1 |
| sentinelone-system-event-8 |
sentinelone-singularityp-sk4-process-close-processexit |
| sentinelone-system-event-9 |
sentinelone-singularityp-sk4-registry-delete-regvaluedelete-1 |
| sentinelone-system-info |
sentinelone-singularityp-json-app-notification-success-agentid |
| sentinelone-system-info-1 |
sentinelone-singularityp-json-app-notification-success-accountname |
| sentinelone-task-delete |
sentinelone-singularityp-sk4-scheduled_task-delete-success-schedtaskdelete |
| sentinelone-task-register |
sentinelone-singularityp-cef-scheduled-task-create-success-schedtaskregister |
| sentinelone-task-update |
sentinelone-singularityp-cef-scheduled-task-create-success-schedtaskupdate-1 |
| sentinelone-task-update-1 |
sentinelone-singularityp-json-scheduled-task-create-success-schedtaskupdate |
| sentinelone-task-update-2 |
sentinelone-singularityp-cef-scheduled-task-create-success-schedtaskstart |
| sentinelone-web-activity |
sentinelone-s-cef-http-session-success-visibility |
| sentinelone-web-activity-1 |
sentinelone-singularityp-kv-http-session-success-endpoint |
| sentinelone-web-activity-2 |
sentinelone-s-cef-http-session-success-visibility-1 |
| sfdc-app-activity |
salesforce-sf-kv-app-activity-success-appactivity |
| sfdc-app-login |
salesforce-sf-json-app-login-success-loginurl |
| sfdc-app-login-1 |
salesforce-sf-kv-app-login-login |
| sftp-app-login |
sftp-s-csv-app-login-success-loginsuccess |
| sftp-failed-app-login |
sftp-s-csv-app-login-fail-loginfail |
| sftp-file-close |
unix-unix-str-file-read-success-close |
| sftp-file-delete |
sftp-s-csv-file-delete-success-filedeleted |
| sftp-file-download |
sftp-s-csv-file-download-success-filedownloaded |
| sftp-file-open |
unix-unix-str-file-read-success-open |
| sftp-file-read |
sftp-s-csv-file-read-success-openeddirectory |
| sftp-file-rename |
unix-unix-str-file-write-success |
| sftp-file-upload |
sftp-s-csv-file-upload-success-fileuploaded |
| sftp-file-write-1 |
sftp-s-csv-file-write-success-renamed |
| sftp-file-write-2 |
sftp-s-csv-file-write-success-directorycreated |
| sftp-logout |
sftp-s-csv-ftp-close-sessionclosed |
| sftp-remote-logon |
unix-unix-str-ssh-traffic-success-sftpsessionopened |
| sftp-session-closed |
unix-unix-str-ssh-close-success-sessionclosed |
| sftp-system-event |
sftp-s-csv-app-notification-toomanyfailures |
| shibboleth-auth-successful |
shibboleth-s-str-endpoint-login-success-saml |
| shibboleth-password-change |
shibboleth-s-str-user-password-modify-success-passwordchange |
| siebel-db-query |
"oracle-db-xml-database-query-success-siebel |
| sigsci-system-activity |
sigsci-sigsci-kv-app-activity-authenticate |
| sigsci-web-activity |
sigsci-sigsci-json-http-session-uri |
| sigsci-web-activity-1 |
sigsci-sigsci-json-http-session-servername |
| silverfort-auth-failed |
silverfort-s-kv-endpoint-login-fail-request |
| silverfort-auth-successful |
silverfort-s-cef-endpoint-authentication-success-adminconsole |
| siteminder-auth-attempt |
siteminder-symantecsm-str-endpoint-authentication-auth |
| siteminder-auth-failed |
siteminder-symantecsm-str-endpoint-login-fail-authattempt |
| siteminder-auth-failed-1 |
siteminder-symantecsm-kv-endpoint-authentication-fail-authreject |
| siteminder-auth-successful |
siteminder-symantecsm-kv-endpoint-authentication-success-authaccept |
| siteminder-vpn-logout |
siteminder-symantecsm-str-app-logout-success-authlogout |
| siteminder-web-activity-1 |
siteminder-symantecsm-kv-http-request-success-azaccept |
| siteminder-web-activity-2 |
siteminder-symantecsm-kv-http-request-success-validateaccept |
| siteminder-web-activity-3 |
siteminder-symantecsm-kv-app-activity-azreject |
| sitespect-web-activity |
sitespect-s-json-http-session-clusterid |
| sk4-bitglass-cloudsummary |
bitglass-casb-sk4-alert-trigger-success-cloudsummary |
| sk4-json-4611 |
microsoft-evsecurity-sk4-endpoint-notification-success-4611 |
| sk4-json-4647 |
microsoft-evsecurity-sk4-endpoint-logout-success-4647 |
| sk4-json-4662 |
microsoft-evsecurity-cef-ds-object-activity-success-4662-1 |
| sk4-json-4697 |
microsoft-evsecurity-cef-service-create-success-4697 |
| sk4-json-4720 |
microsoft-evsecurity-cef-user-create-success-4720-1 |
| sk4-json-4722 |
microsoft-evsecurity-cef-user-enable-success-4722-1 |
| sk4-json-4724 |
microsoft-evsecurity-cef-user-password-reset-success-4724-1 |
| sk4-json-4725 |
microsoft-evsecurity-cef-user-disable-success-4725-1 |
| sk4-json-4727 |
microsoft-evsecurity-sk4-group-create-success-4727 |
| sk4-json-4737 |
microsoft-evsecurity-sk4-group-modify-success-4737 |
| sk4-json-4767 |
microsoft-evsecurity-cef-user-unlock-success-4767 |
| sk4-json-4779 |
microsoft-evsecurity-cef-endpoint-logout-success-4779 |
| sk4-json-4781 |
microsoft-evsecurity-sk4-user-name-modify-4781 |
| sk4-json-4800 |
microsoft-evsecurity-cef-endpoint-lock-success-4800-1 |
| sk4-json-4801 |
microsoft-evsecurity-cef-endpoint-unlock-success-4801-1 |
| sk4-json-4985 |
microsoft-evsecurity-sk4-endpoint-notification-success-4985 |
| sk4-json-5137 |
microsoft-evsecurity-cef-ds-object-create-success-5137 |
| sk4-json-5141 |
microsoft-evsecurity-cef-ds-object-delete-success-5141 |
| sk4-json-member-added-2008 |
microsoft-evsecurity-cef-group-member-add-success-4728 |
| sk4-json-member-removed-2008 |
microsoft-evsecurity-sk4-group-member-remove-success-2008 |
| sk4-json-unix-account-created |
unix-unix-kv-user-create-success-useradd-1 |
| sk4-workday-app-auth-failed |
workday-wd-cef-endpoint-login-fail-proxyusername |
| sk4-workday-app-login |
workday-wd-cef-app-login-success-authentication |
| sk4-workday-failed-app-login |
workday-wd-cef-app-login-fail-expired |
| skyformation-cloudflare-waf |
cloudflare-waf-sk4-http-session-firewallmatchesactions |
| skyformation-cloudflare-waf-1 |
cloudflare-waf-cef-http-session-firewall |
| skyformation-cloudflare-waf-2 |
cloudflare-waf-cef-http-session-clientip |
| skyformation-cloudflare-waf-3 |
cloudflare-waf-cef-http-session-success-securityactions |
| skyformation-cloudflare-waf-4 |
cloudflare-waf-cef-http-session-success-securityactions-1 |
| skyformation-prisma-app-activity |
pan-prisma-sk4-app-activity-prismacloud |
| skyformation-prisma-security-alert |
pan-prisma-sk4-alert-trigger-success-prismacloud |
| skyformation-prisma-security-alert-2 |
pan-prisma-sk4-alert-trigger-success-prismacloud-1 |
| skyformation-siem-settings-event |
exabeam-search-cef-app-notification-settings |
| skyhigh-dlp-alert |
mcafee-sncasb-kv-alert-trigger-success-timeupdated |
| skyhigh-dlp-alert-1 |
mcafee-sncasb-kv-alert-trigger-success-hierarchy |
| skyhigh-dlp-alert-2 |
mcafee-sncasb-kv-alert-trigger-success-useraction |
| slack-app-activity-1 |
slack-s-json-app-activity-success-customtosaccepted |
| slack-app-activity-2 |
slack-s-json-app-activity-success-fileshared |
| slack-app-activity-3 |
slack-s-json-app-activity-success-privatechannelcreated |
| slack-app-activity-4 |
slack-s-json-app-activity-success-publicchannelcreated |
| slack-app-activity-5 |
slack-s-json-app-activity-success-userchanneljoin |
| slack-app-activity-6 |
slack-s-json-app-activity-success-userchannelleave |
| slack-app-activity-7 |
slack-s-json-app-activity-success-userdeactivated |
| slack-app-activity-8 |
slack-s-json-app-activity-success-userlogout |
| slack-app-login |
slack-s-json-app-login-success-userlogin |
| slack-file-download |
slack-s-json-file-download-success-filedownloaded |
| slack-file-upload |
slack-s-json-file-upload-success-fileuploaded |
| smartdashboard-app-login |
checkpoint-ngfw-kv-app-login-success-smartdashboard |
| snare-1102 |
microsoft-evsecurity-kv-log-clear-success-1102-1 |
| snare-4719 |
microsoft-evsecurity-kv-audit-policy-modify-success-4719-1 |
| snare-517 |
microsoft-evsecurity-kv-log-clear-success-auditlogclear |
| snare-576 |
microsoft-windows-kv-user-privilege-assign-success-576-1 |
| snare-577 |
microsoft-windows-kv-user-privilege-use-success-577 |
| snare-578 |
microsoft-windows-str-user-privilege-use-success-privileged |
| snare-592 |
microsoft-evsecurity-str-process-create-success-592 |
| snare-612 |
microsoft-evsecurity-kv-audit_policy-modify-success-auditpolicychange |
| snare-cef-member-added-2008 |
microsoft-evsecurity-cef-group-member-add-success-snare |
| snare-unix-su-1 |
unix-unix-str-user-switch-success-accountswitch |
| snare-unix-su-2 |
unix-unix-str-user-switch-success-su |
| snort-alert |
snort-s-str-alert-trigger-success-classification |
| snort-network-alert |
snort-s-json-alert-trigger-success-idssnort |
| snort-network-alert-1 |
snort-s-str-alert-trigger-success-snortids |
| snort-network-alert-2 |
snort-s-str-alert-trigger-success-portsweep |
| snort-network-alert-3 |
snort-s-str-alert-trigger-success-priority |
| snow-app-activity |
servicenow-s-kv-app-activity-success-operation |
| solaris-audit-process |
oracle-solaris-str-process-create-702911 |
| solaris-audit-process-1 |
oracle-solaris-csv-endpoint-activity-auditnotice |
| sonicwall-dhcp |
dell-sw-mix-app-activity-assignedipaddress |
| sonicwall-dns-query |
dell-sw-kv-dns-request-success-1481 |
| sonicwall-dns-response |
dell-sw-kv-dns-response-1482 |
| sonicwall-fw-network-alert |
dell-sw-kv-alert-trigger-success-networkalert |
| sonicwall-fw-network-alert-1 |
dell-sw-kv-alert-trigger-success-security |
| sonicwall-fw-network-alert-2 |
sonicwall-sw-kv-alert-trigger-success-2 |
| sonicwall-fw-web-activity |
dell-sw-kv-http-session-category |
| sonicwall-network-connection-start |
dell-sw-kv-network-start-98 |
| sonicwall-network-connection-stop |
dell-sw-kv-network-session-537 |
| sonicwall-network-info |
dell-sw-kv-app-activity-appactivity |
| sonicwall-system-info |
dell-sw-kv-app-notification-success-firewall |
| sophos-app-activity-1 |
sophos-ep-json-alert-trigger-detected-1 |
| sophos-app-activity-failed |
sophos-ep-kv-app-activity-fail-blocked |
| sophos-app-activity-failed-1 |
sophos-ep-kv-app-activity-fail-adwareorpua |
| sophos-app-login |
sophos-xgfirewall-kv-app-login-success-sfw |
| sophos-app-logout |
sophos-xgfirewall-kv-app-logout-success-loggedout |
| sophos-app-system-events |
sophos-ep-kv-alert-trigger-web |
| sophos-app-system-events-1 |
sophos-ep-kv-app-activity-success-appsystemevent |
| sophos-app-usb-insert |
sophos-ep-kv-peripheral-storage-insert-success-usb |
| sophos-config-change-1 |
sophos-ep-cef-app-notification-updatesuccess |
| sophos-config-change-2 |
sophos-ep-mix-app-notification-updatefailure |
| sophos-config-change-3 |
sophos-ep-mix-app-notification-savdisabled |
| sophos-config-change-4 |
sophos-ep-json-app-notification-savenabled |
| sophos-dlp-alert-1 |
sophos-ep-json-alert-trigger-success-deviceblocked |
| sophos-epp-logwriter-alert |
sophos-ep-kv-alert-trigger-success-virus |
| sophos-leef-epp-dlp-alert |
sophos-ep-leef-alert-trigger-success-datacontrol |
| sophos-leef-epp-usb-activity |
sophos-ep-leef-file-write-success-devicecontrol |
| sophos-leef-epp-usb-activity-2 |
sophos-ep-leef-file-write-success-datacontrol |
| sophos-leef-epp-usb-block |
sophos-ep-leef-alert-trigger-success-devicecontrol |
| sophos-leef-epp-virus-alert |
sophos-ep-leef-alert-trigger-success-spyware |
| sophos-leef-epp-web-alert |
sophos-ep-leef-alert-trigger-success-enterpriseconsole |
| sophos-network-alert |
sophos-ep-kv-alert-trigger-success-devicecontrol |
| sophos-network-connection |
sophos-xgfirewall-kv-vpn-login-logout-sfw |
| sophos-network-connection-1 |
sophos-ep-sk4-network-traffic-fail-blocked |
| sophos-network-connection-2 |
sophos-utm-kv-network-traffic-ulogd |
| sophos-network-connection-3 |
sophos-ep-kv-network-traffic-fail-blocked-1 |
| sophos-policy |
sophos-ep-json-app-notification-nocompliant |
| sophos-proxy |
sophos-utm-kv-http-session-req |
| sophos-proxy-1 |
sophos-utm-kv-http-session-success-access |
| sophos-proxy-2 |
sophos-utm-kv-http-session-fail-requestblocked |
| sophos-safeguard-activity |
sophos-safeguard-kv-app-activity-appactivity |
| sophos-security-alert |
sophos-ep-json-alert-trigger-success-webcontrolviolation |
| sophos-security-alert-1 |
sophos-ep-sk4-alert-trigger-success-endpointevent |
| sophos-security-alert-2 |
sophos-ep-json-alert-trigger-success-applicationblocked |
| sophos-system-event |
sophos-ep-json-app-notification-updaterebootrequired |
| sophos-system-event-1 |
sophos-ep-sk4-app-notification-success-updaterebooturgentlyrequired |
| sophos-system-event-2 |
sophos-ep-mix-app-notification-compliant |
| sophos-system-event-3 |
sophos-ep-cef-app-notification-outofdate |
| sophos-system-event-4 |
sophos-ep-mix-app-notification-servicenotrunning |
| sophos-system-event-5 |
sophos-ep-mix-app-notification-servicerestored |
| sophos-system-event-6 |
sophos-ep-mix-endpoint-scan-savscancomplete |
| sophos-system-event-7 |
sophos-ep-sk4-app-notification-success-corereboot |
| sophos-system-event-8 |
sophos-ep-sk4-app-notification-success-corepuareboot |
| sophos-threat-alert |
sophos-ep-kv-alert-trigger-success-alerttriggerd |
| sophos-threat-alert-1 |
sophos-ep-kv-alert-trigger-success-728 |
| sophos-usb-insert |
sophos-ep-json-peripheral-storage-insert-success-peripheral |
| sophos-web-alert |
sophos-ep-json-http-session-fail-endpoint |
| source-fire-network-alert-1 |
cisco-sourcefire-kv-alert-trigger-classification |
| sourcefire-estreamer-alert |
cisco-fp-str-alert-trigger-success-eventusec |
| sourcefire-estreamer-alert-2 |
cisco-fp-csv-alert-trigger-success-primarydetectionengine |
| sourcefire-network-alert |
cisco-fp-json-alert-trigger-success-connectiontimestamp |
| sourcefire-network-alert-1 |
cisco-fp-json-alert-trigger-success-sinkhole |
| sourcefire-network-alert-2 |
cisco-fp-kv-alert-trigger-success-interfaceingress |
| sourcefire-network-alert-3 |
cisco-fp-kv-alert-trigger-success-acpolicy |
| sourcefire-network-alert-4 |
cisco-fp-json-alert-trigger-success-netbiosssn |
| sourcefire-network-alert-5 |
cisco-fp-json-alert-trigger-success-portsecurity |
| sourcefire-proxy |
cisco-fp-kv-http-session-sfims |
| sourcefire-proxy-1 |
cisco-fp-kv-http-session-policy |
| sourcefire-security-alert |
cisco-fp-str-alert-trigger-success-impact |
| spanish-raw-4624 |
microsoft-evsecurity-kv-endpoint-spanish-4624 |
| spanish-raw-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-4625-4 |
| spanish-raw-4634 |
microsoft-evsecurity-kv-endpoint-logout-success-4634 |
| spanish-raw-4672 |
microsoft-evsecurity-kv-user-privilege-assign-success-4672 |
| spanish-raw-4688 |
microsoft-evsecurity-kv-process-create-success-4688-4 |
| spanish-raw-4689 |
microsoft-evsecurity-kv-process-close-success-4689-3 |
| specops-account-password-reset |
"specops-spr-xml-user-password-reset-success-passwordresetsucceeded |
| specops-account-unlocked |
"specops-spr-xml-user-unlock-success-unlock |
| splunk-app-activity |
splunk-ses-kv-app-activity-searchname |
| splunk-app-activity-1 |
splunk-ses-kv-app-activity-sendmodaction |
| squid-web-activity |
squid-s-str-http-session-squidaccess |
| squid-web-activity-1 |
squid-s-str-http-session-squidwebactivity |
| squid-web-activity-2 |
squid-s-csv-http-session-evt |
| squid-web-activity-3 |
squid-s-str-http-session-squid |
| squid-web-activity-4 |
squid-s-json-http-session-responsestatus |
| squid-web-activity-5 |
squid-s-str-http-session-squidproxy |
| ssh-remote-logon |
linux-ssh-json-ssh-traffic-success-sshlogon |
| ssh-vectra-meta-data |
vectra-cs-kv-ssh-traffic-success-metadatassh |
| stealthintercept-auth-failed |
stealthbits-s-kv-vpn-login-fail-failedlogin |
| stealthintercept-auth-successful |
stealthbits-s-kv-vpn-login-success-loginsucceed |
| stealthwatch-network-alert |
cisco-securenwanalytics-kv-alert-trigger-success-stealthwatch |
| stealthwatch-network-alert-1 |
cisco-securenwanalytics-kv-alert-trigger-success-additionalinfo |
| stealthwatch-network-alert-2 |
cisco-securenwanalytics-str-alert-trigger-success-z |
| stealthwatch-network-alert-3 |
cisco-securenwanalytics-cef-alert-trigger-success-fcdvc |
| stealthwatch-network-alert-4 |
cisco-securenwanalytics-cef-alert-trigger-success-src |
| sterling-adapter-runtime |
ibm-sbi-csv-app-activity-runtimestate |
| sterling-app-activity |
ibm-sbi-csv-app-activity-success-sterling |
| sterling-change-logging |
ibm-sbi-csv-configuration-modify-sterling |
| sterling-failed-authorization |
ibm-sbi-str-app-authentication-fail-authorizationfailed |
| sterling-failed-logon-1 |
ibm-sbi-str-endpoint-login-fail-authfailed |
| sterling-failed-logon-2 |
ibm-sbi-str-endpoint-login-fail-loginfailure |
| sterling-ldap-authentication |
ibm-sbi-str-app-authentication-success-authenticationpolicy |
| sterling-member-added |
ibm-sbi-str-group-member-add-success-addgroup |
| sterling-member-removed |
ibm-sbi-csv-group-member-remove-success-sterling |
| sterling-modified-system-nm |
ibm-sbi-str-app-activity-systemname |
| sterling-no-login-fail |
ibm-sbi-csv-app-notification-success-nologinfailures |
| sterling-register-jndi |
ibm-sbi-csv-app-notification-jnditree |
| sterling-remote-logon |
ibm-sbi-kv-endpoint-login-success-usersessioncreated |
| sterling-remove-jndi |
ibm-sbi-csv-app-activity-removejndi |
| sterling-shutdown-adapter |
ibm-sbi-csv-service-stop-stateless |
| sterling-soft-stop |
ibm-sbi-csv-service-stop-softstop |
| successfactors-app-activity-1 |
sap-sf-mix-group-create-mulee |
| successfactors-app-activity-2 |
sap-sf-mix-group-modify-mulee |
| successfactors-app-activity-3 |
sap-sf-mix-app-activity-processmulee |
| successfactors-app-activity-4 |
sap-sf-mix-group-modify-update |
| successfactors-app-login |
sap-sf-mix-app-login-mulee-1 |
| successfactors-auth-success |
sap-sf-mix-app-authentication-success-authenticate |
| suricata-network-alert |
suricata-ids-str-alert-trigger-success-idsalert |
| suricata-network-alert-1 |
suricata-s-json-alert-trigger-success-pdsuricata |
| suricata-network-alert-2 |
suricata-ids-json-alert-trigger-success-signature |
| suricata-network-alert-3 |
suricata-s-json-alert-trigger-success-suricata |
| swift-account-password-change |
swift-s-cef-user-password-modify-success-passwordchanged |
| swift-account-password-change-failed |
swift-s-cef-user-password-modify-fail-changefailed |
| swift-app-login |
swift-s-cef-app-login-success-signon |
| swift-app-login-1 |
swift-s-cef-app-login-success-web |
| swift-app-login-failed |
swift-s-cef-app-login-fail-loginfailure |
| swift-app-logout |
swift-s-cef-app-logout-success-signoff |
| swift-app-logout-1 |
swift-s-cef-app-logout-success-alliance |
| swift-system-info |
swift-s-cef-app-notification-webplatform |
| swivel-authentication-activity |
swivel-swivel-str-app-activity-success-pinsafe |
| swivel-authentication-failed |
swivel-swivel-str-app-login-fail-info |
| swivel-authentication-success |
swivel-swivel-str-app-login-success-info |
| symantec-account-config-change |
symantec-csp-csv-configuration-modify-success-configurationchanged |
| symantec-account-member-added |
symantec-csp-kv-group-member-add-success-usercreated |
| symantec-account-member-removed |
symantec-csp-json-group-member-remove-success-userdeleted |
| symantec-account-switch-failed |
symantec-csp-json-endpoint-login-fail-failedsuto |
| symantec-account-switch-success |
symantec-csp-kv-user-switch-success-successfulsu |
| symantec-alert-jp |
symantec-endpointprotection-csv-alert-trigger-success-securityriskfound |
| symantec-alert-jp-1 |
symantec-endpointprotection-csv-alert-trigger-success-sonaralloweddetection |
| symantec-alert-jp-2 |
symantec-endpointprotection-csv-alert-trigger-success-virusfound |
| symantec-alert-jp-3 |
symantec-endpointprotection-csv-alert-trigger-success-potentialriskfound |
| symantec-app-activity |
symantec-vip-json-app-checkforchallenge |
| symantec-app-activity-1 |
symantec-edr-json-app-activity-success-scanstarted |
| symantec-app-activity-2 |
symantec-edr-json-app-activity-success-informationsubmitted |
| symantec-atp-alert |
symantec-atp-cef-alert-trigger-success-atpu |
| symantec-authentication-successful |
symantec-edr-json-endpoint-login-success-signedoktaauthenticationflow |
| symantec-av-dlp-alert |
symantec-endpointprotection-kv-network-traffic-block |
| symantec-av-dlp-alert-cn |
symantec-ep-csv-network-traffic-success-localremoteoperation |
| symantec-cloud-activity |
symantec-cloudsoc-cef-file-activity-symanteccloudsoc |
| symantec-cloud-dlp-alert |
symantec-cloudsoc-sk4-alert-trigger-success-fromdetect |
| symantec-dlp-alert |
symantec-dlp-kv-alert-trigger-success-riskseverity |
| symantec-dlp-alert-1 |
symantec-dlp-kv-alert-trigger-success-endpoint |
| symantec-dlp-alert-2 |
symantec-dlp-kv-alert-trigger-success-incidentid |
| symantec-dlp-cit-alert |
symantec-dlp-str-alert-trigger-success-blocked |
| symantec-dlp-email-alert-in |
symantec-dlp-kv-email-receive-success-emailreceive |
| symantec-edr-alert-1 |
symantec-atp-json-alert-trigger-success-datasourceurlreferer |
| symantec-edr-alert-2 |
symantec-atp-json-alert-trigger-success-symcdeviceaction |
| symantec-edr-system-info |
symantec-endpointprotection-kv-app-activity-category |
| symantec-edr-system-info-1 |
symantec-endpointprotection-cef-endpoint-notification-success-infosubmitted |
| symantec-email-alert-out |
symantec-dlp-kv-email-send-success-smtp |
| symantec-epp-alert |
symantec-endpointprotection-kv-alert-trigger-success-requestedaction |
| symantec-epp-alert-chinese |
symantec-endpointprotection-csv-alert-trigger-success-requestedaction |
| symantec-epp-alert-japanese |
symantec-endpointprotection-csv-alert-trigger-success-cids |
| symantec-epp-cef-alert |
symantec-endpointprotection-cef-alert-trigger-success-alerttrigger |
| symantec-epp-cef-alert-2 |
symantec-endpointprotection-cef-alert-trigger-success-intrusiondetected |
| symantec-epp-network-alert |
symantec-endpointprotection-kv-alert-trigger-success-scanningyourcomputer |
| symantec-epp-network-alert-1 |
symantec-endpointprotection-kv-alert-trigger-success-denialofservice |
| symantec-epp-network-alert-2 |
symantec-endpointprotection-kv-network-traffic-fail-block |
| symantec-epp-network-alert-3 |
symantec-endpointprotection-kv-alert-trigger-success-arpreplydetected |
| symantec-epp-network-connection |
symantec-endpointprotection-csv-network-traffic-fail-bloques |
| symantec-epp-ntp-alert |
symantec-endpointprotection-kv-alert-trigger-success-cidssignaturestring |
| symantec-epp-ntp-alert-chinese |
symantec-endpointprotection-csv-alert-trigger-success-characterstring |
| symantec-epp-usb-activity-1 |
symantec-endpointprotection-csv-file-write-success-fichier |
| symantec-file-alert |
symantec-atp-json-alert-trigger-success-8031004 |
| symantec-file-delete |
symantec-atp-json-file-delete-success-8003 |
| symantec-file-delete-2 |
symantec-atp-json-file-delete-success-8004 |
| symantec-file-write |
symantec-atp-json-file-write-success-8003 |
| symantec-file-write-2 |
symantec-atp-json-file-write-success-8003-1 |
| symantec-file-write-3 |
symantec-atp-json-file-write-success-8003-2 |
| symantec-file-write-4 |
symantec-atp-json-file-write-success-8003-3 |
| symantec-file-write-5 |
symantec-atp-json-file-write-success-8003-4 |
| symantec-file-write-6 |
symantec-atp-json-alert-trigger-8003006 |
| symantec-group-created |
symantec-csp-kv-group-member-add-success-groupcreated |
| symantec-group-member-changed |
symantec-csp-kv-configuration-modify-success-groupmembershipchanged |
| symantec-group-member-deleted |
symantec-csp-json-group-member-remove-success-groupdeleted |
| symantec-icdx-network-alert |
symantec-endpointprotection-cef-alert-trigger-success-networkdetection |
| symantec-icdx-process-alert |
symantec-endpointprotection-cef-alert-trigger-success-hostprocessdetection |
| symantec-icdx-security-alert |
symantec-endpointprotection-cef-alert-trigger-success-scan |
| symantec-local-logon-failed |
symantec-csp-json-endpoint-login-fail-failedlogin |
| symantec-local-logon-success |
symantec-csp-json-endpoint-login-success-userloggedin |
| symantec-logout |
symantec-edr-json-app-logout-success-signedoutinactive |
| symantec-logout-1 |
symantec-edr-json-app-logout-success-signedoutcloudconsol |
| symantec-message-alert |
symantec-dlp-kv-alert-trigger-success-dlphost |
| symantec-network-connection |
symantec-endpointprotection-kv-network-traffic-fail-rule |
| symantec-network-connection-1 |
symantec-endpointprotection-str-network-traffic-fail-location |
| symantec-network-connection-2 |
symantec-endpointprotection-kv-network-traffic-location |
| symantec-primary-group-changed |
symantec-csp-kv-configuration-modify-success-primarygroupchanged |
| symantec-print-activity |
symantec-dlp-str-printer-activity-success-faxincident |
| symantec-process-created |
symantec-atp-json-process-create-success-8001001 |
| symantec-remote-logon |
symantec-atp-json-endpoint-login-fail-8007001 |
| symantec-security-alert |
symantec-dlp-json-alert-trigger-success-virussrc |
| symantec-security-alert-1 |
symantec-esc-json-alert-trigger-success-squrlrecipient |
| symantec-security-alert-2 |
symantec-endpointprotection-kv-alert-trigger-success-symanteceprisk |
| symantec-security-alert-3 |
symantec-endpointprotection-kv-alert-trigger-success-registryread |
| symantec-security-alert-french |
symantec-endpointprotection-kv-alert-trigger-success-detecte |
| symantec-system-info-1 |
symantec-edr-json-app-notification-success-detectedonstream |
| symantec-system-info-2 |
symantec-edr-json-app-notification-success-liveupdatesession |
| symantec-system-info-3 |
symantec-edr-json-app-notification-success-update |
| symantec-system-info-4 |
symantec-edr-json-app-notification-success-scancomplete |
| symantec-usb-activity |
symantec-dlp-kv-alert-trigger-success-policyviolated |
| symantec-usb-block |
symantec-endpointprotection-csv-peripheral-storage-activity-fail-blocked |
| symantec-usb-delete |
symantec-dlp-csv-file-write-success-filedelete |
| symantec-usb-delete-1 |
symantec-dlp-json-peripheral-storage-activity-success-filedelete |
| symantec-usb-insert |
symantec-dlp-kv-peripheral-storage-insert-success-devicewas |
| symantec-usb-insert-1 |
symantec-dlp-kv-peripheral-storage-insert-success-allowedthedevice |
| symantec-usb-read |
symantec-dlp-csv-file-read-success-filread |
| symantec-usb-read-1 |
symantec-dlp-json-file-read-success-fileread |
| symantec-usb-write |
symantec-dlp-csv-file-write-success-filewrite |
| symantec-usb-write-1 |
symantec-dlp-csv-file-write-success-usbtransfer |
| symantec-usb-write-2 |
symantec-dlp-json-file-write-success-filewrite |
| symantec-web-activity |
symantec-wss-cef-http-session-request |
| symantec-web-activity-1 |
symantec-wss-sk4-http-session-symantecwss |
| symantec-web-activity-2 |
symantec-fireglass-cef-http-session-url |
| symantec-web-activity-3 |
symantec-wss-sk4-http-session-denied |
| symantec-web-activity-4 |
symantec-wss-sk4-http-session-proxied |
| symantec-web-activity-5 |
symantec-wss-sk4-http-session-observed |
| syslog-4625-ch |
microsoft-evsecurity-kv-endpoint-login-fail-4625-5 |
| syslog-4648 |
microsoft-evsecurity-kv-endpoint-user-success-4648 |
| syslog-4689 |
microsoft-evsecurity-kv-process-close-success-4689-1 |
| syslog-4689-1 |
microsoft-evsecurity-kv-process-close-success-4689-2 |
| syslog-4768-ch |
microsoft-evsecurity-kv-endpoint-login-4768-5 |
| syslog-4769-ch |
microsoft-evsecurity-kv-endpoint-login-4769-5 |
| syslog-4774 |
microsoft-evsecurity-kv-endpoint-authentication-4774-1 |
| syslog-4776-ch |
microsoft-evsecurity-kv-endpoint-login-4776-5 |
| syslog-4776-multiline |
microsoft-evsecurity-kv-endpoint-login-fail-4776 |
| syslog-4985 |
microsoft-evsecurity-kv-endpoint-notification-4985-1 |
| syslog-5140-ch |
microsoft-evsecurity-kv-share-access-success-5140-3 |
| syslog-5145-ch |
microsoft-evsecurity-kv-share-access-5145-9 |
| syslog-5156-ch |
microsoft-evsecurity-kv-network-session-success-5156-1 |
| syslog-5158 |
microsoft-evsecurity-mix-network-session-success-5158 |
| syslog-barracuda-email |
barracuda-esg-str-email-send-receive-scan |
| syslog-bit9-file-alert |
vmware-carbonblackedr-kv-alert-trigger-success-alerttriggerd |
| syslog-brightmail-email-accept |
symantec-esc-str-email-accept |
| syslog-brightmail-email-attachment |
symantec-esc-str-email-attachment |
| syslog-brightmail-email-attachment-1 |
symantec-esc-str-email-attachment-1 |
| syslog-brightmail-email-bytes |
symantec-esc-str-email-bytes |
| syslog-brightmail-email-delivery |
symantec-esc-str-email-delivery |
| syslog-brightmail-email-direction |
symantec-esc-str-email-direction |
| syslog-brightmail-email-in |
symantec-esc-str-email-receive-success-emailreceived |
| syslog-brightmail-email-recipient |
symantec-esc-str-email-recipient |
| syslog-brightmail-email-return-path |
symantec-esc-str-email-returnpath |
| syslog-brightmail-email-sender |
symantec-esc-str-email-sender |
| syslog-brightmail-email-subject |
symantec-esc-str-email-subject |
| syslog-checkpoint-app-login |
checkpoint-ngfw-kv-app-login-success-appiname |
| syslog-checkpoint-app-login-1 |
checkpoint-ngfw-kv-app-login-success-appiname-1 |
| syslog-checkpoint-network-alert |
checkpoint-tp-kv-alert-trigger-success-monitor |
| syslog-cisco-cta-security-alert |
cisco-amp-kv-alert-trigger-success-toolcta |
| syslog-cisco-wsa-web-activity |
cisco-securewebapp-str-http-session-accesslog |
| syslog-cisco-wsa-web-activity-nxlog |
cisco-securewebapp-str-http-session-fail-nxlog |
| syslog-config-change |
"microsoft-sysmon-xml-dll-load-6 |
| syslog-config-change-1 |
microsoft-sysmon-str-driver-load-6 |
| syslog-dhcpd-1 |
unix-unixdhcpd-json-dhcp-session-success-dhcppackon |
| syslog-dhcpd-2 |
unix-unixdhcpd-json-dhcp-session-success-dhcprequest |
| syslog-dhcpd-3 |
unix-unixdhcpd-json-dhcp-session-success-program |
| syslog-dhcpd-4 |
unix-unixdhcpd-str-dhcp-session-success-dhcpd |
| syslog-f5-dns-query |
f5-bigipdns-str-dns-request-success-qid |
| syslog-f5-dns-query-1 |
f5-bigipdns-kv-dns-request-response-success-dns |
| syslog-f5-dns-response |
f5-bigipdns-str-dns-response-success-to |
| syslog-file-operations |
"microsoft-sysmon-xml-file-time-modify-2 |
| syslog-inky-phishing-security-alert |
inky-ap-json-alert-trigger-success-inkyevent-1 |
| syslog-inky-phishing-security-alert-1 |
inky-ap-json-alert-trigger-success-inkyevent |
| syslog-json-4663 |
microsoft-evsecurity-json-file-success-4663 |
| syslog-json-4720 |
microsoft-evsecurity-json-user-create-success-4720 |
| syslog-json-4722 |
microsoft-evsecurity-json-user-enable-success-4722 |
| syslog-json-4723 |
microsoft-evsecurity-json-user-password-modify-4723-1 |
| syslog-json-4724 |
microsoft-evsecurity-json-user-password-reset-success-4724 |
| syslog-json-4725 |
microsoft-evsecurity-json-user-disable-success-4725-2 |
| syslog-json-4740 |
microsoft-evsecurity-json-user-lock-success-4740 |
| syslog-json-4767 |
microsoft-evsecurity-json-user-unlock-success-4767 |
| syslog-json-member-added-2008 |
microsoft-evsecurity-json-group-member-add-success-sourcemoduletype |
| syslog-juniper-vpn-connect |
juniper-ps-str-vpn-login-success-connected-2 |
| syslog-juniper-vpn-login-failed |
juniper-ps-mix-vpn-login-fail-hostchecker |
| syslog-juniper-vpn-realm |
juniper-ps-mix-vpn-login-success-passed |
| syslog-juniper-vpn-realm-1 |
"juniper-ps-cef-vpn-login-success-passed |
| syslog-juniper-vpn-relogin |
juniper-ps-str-vpn-logout-success-loggedout |
| syslog-l7-app-activity-get |
kemp-loadmaster-str-app-activity-success-user |
| syslog-l7-app-activity-post |
kemp-loadmaster-str-app-activity-success-requestedpost |
| syslog-l7-remote-logon |
kemp-loadmaster-str-endpoint-login-success-loggedon |
| syslog-l7-security-alert |
kemp-loadmaster-str-alert-trigger-success-attempted |
| syslog-liebsoft-account-switch |
beyondtrust-privmgmt-kv-user-switch-success-passwordretrieved |
| syslog-liebsoft-account-switch-1 |
beyondtrust-b-kv-user-switch-success-passwordcheckedout |
| syslog-malwarebytes-security-alert |
malwarebytes-ep-json-alert-trigger-success-attackmodules |
| syslog-mcafee-dlp-email-alert |
mcafee-dlp-str-email-send-fail-dlponditions |
| syslog-mcafee-epo-alert |
mcafee-es-csv-alert-trigger-success-epolicyorchestrator |
| syslog-mcafee-epo-dlp-alert |
mcafee-dlp-json-alert-trigger-success-analyzerdlp |
| syslog-mcafee-network-alert |
mcafee-nsm-str-alert-trigger-success-attack |
| syslog-mcafee-usb-activity |
mcafee-es-str-file-write-success-usbconditions |
| syslog-microsoft-dhcp |
microsoft-windows-cef-dhcp-session-success-dhcpserver |
| syslog-microsoft-print-activity |
microsoft-evprintservice-str-printer-activity-success-printed |
| syslog-microsoft-print-activity-1 |
microsoft-evprintservice-kv-printer-activity-success-307 |
| syslog-morphisec-security-alert |
morphisec-eptp-json-alert-trigger-success-protectorip |
| syslog-mysql-dbquery |
mysql-m-csv-database-query-success-query |
| syslog-mysql-dbwrite |
mysql-m-csv-database-query-success-write |
| syslog-physical-badge-access |
badge-b-csv-physical-location-access-success-ocardadmitted |
| syslog-physical-badge-access-1 |
lenel-og-kv-physical-location-access-accessgranted |
| syslog-process-terminated |
"microsoft-sysmon-xml-process-close-5-1 |
| syslog-pulsesecure-vpn-connect |
"juniper-ps-cef-vpn-login-success-connected |
| syslog-qip-dhcp |
nokia-vqip-str-dhcp-session-success-qip |
| syslog-r-authmgr-auth-successful |
dell-rsaauthmngr-str-endpoint-login-success-ucm |
| syslog-ricoh-print-activity |
ricoh-r-kv-printer-activity-success-3 |
| syslog-rsa-auth-failed |
dell-rsaauthmngr-kv-endpoint-authentication-fail-userauthz |
| syslog-rsa-auth-successful |
dell-rsaauthmngr-kv-endpoint-authentication-success-userauthz |
| syslog-rsa-logout |
dell-rsaauthmngr-kv-app-logout-success-sessionremoved |
| syslog-sophos-snmp-alert-belongs |
sophos-ep-kv-alert-trigger-success-variablebindings |
| syslog-sophos-snmp-alert-detected |
sophos-ep-kv-alert-trigger-success-alertdetected |
| syslog-sophos-snmp-denied |
sophos-ep-kv-alert-trigger-success-accessdenied |
| syslog-ssomgr-app-activity |
kemp-loadmaster-kv-app-activity-success-ssoauthtokenreused |
| syslog-steelhead-rpch-ssh |
riverbedsteelhead-rs-kv-network-notification-sport |
| syslog-steelhead-smbsign-cfe |
riverbedsteelhead-rs-str-app-notification-smbsign |
| syslog-symantec-dlp-alert |
symantec-dlp-kv-email-send-success-endpointmachine |
| syslog-symantec-dlp-alert-1 |
symantec-dlp-str-email-send-success-emailsend |
| syslog-symantec-dlp-alert-2 |
symantec-dlp-str-alert-trigger-success-threatitp |
| syslog-symantec-dlp-alert-3 |
symantec-dlp-kv-email-send-success-emailsend-1 |
| syslog-symantec-dlp-alert-4 |
symantec-dlp-kv-email-send-success-emailsend-2 |
| syslog-symantec-dlp-alert-5 |
symantec-dlp-json-alert-trigger-success-rule |
| syslog-symantec-dlp-alert-6 |
symantec-dlp-kv-alert-trigger-success-monitorname |
| syslog-symantec-dlp-alert-7 |
symantec-dlp-kv-email-send-success-emailsend-3 |
| syslog-symantec-mss-alert |
symantec-mss-csv-alert-trigger-success-alertconditions |
| syslog-symantec-system-info |
symantec-dlp-str-app-notification-vontusystemevent |
| syslog-symantec-usb-write |
symantec-dlp-cef-file-write-success-usbdrives |
| syslog-system-info |
"microsoft-sysmon-xml-service-state-modify-4 |
| syslog-vontu-dlp-alert |
symantec-dlp-kv-email-send-incident |
| syslog-xceedium-failed-login |
xceedium-x-csv-app-login-fail-baduserid |
| syslog-xceedium-login |
xceedium-x-csv-app-login-success-loggedin |
| syslog-xsuite-remote-logon |
xsuite-x-kv-endpoint-login-success-connected |
| sysmon-file-create |
microsoft-sysmon-kv-file-write-success-filecreate |
| sysmon-file-create-2 |
microsoft-sysmon-json-kv-file-time-modify-timechanged |
| sysmon-file-delete |
microsoft-sysmon-kv-file-delete-success-filedelete |
| sysmon-file-write-1 |
microsoft-sysmon-json-registry-12 |
| sysmon-file-write-2 |
microsoft-sysmon-json-file-stream-create-15 |
| sysmon-file-write-3 |
microsoft-sysmon-kv-registry-success-12 |
| sysmon-file-write-4 |
microsoft-evapp-kv-app-notification-success-1001 |
| sysmon-image-loaded |
microsoft-sysmon-kv-dll-load-success-7 |
| sysmon-process-created |
microsoft-sysmon-kv-process-create-success-processcreate |
| sysmon-process-created-1 |
microsoft-sysmon-kv-process-create-success-createremotethread |
| sysmon-process-created-2 |
microsoft-sysmon-kv-process-create-success-processcreate-1 |
| sysmon-process-network |
microsoft-sysmon-kv-mul-network-session-success-detected |
| sysmon-process-terminated |
microsoft-sysmon-kv-process-close-success-processterminated |
| sysmon-process-terminated-1 |
microsoft-sysmon-kv-process-close-terminated-1 |
| sysmon-registry-set |
microsoft-sysmon-kv-registry-modify-success-registryvalueset |
| sysmon-registry-set-1 |
microsoft-sysmon-json-registry-create-success-valuesettask13 |
| sysmon-registry-set-2 |
microsoft-sysmon-mix-registry-create-success-valueset |
| sysmon-system-info |
microsoft-sysmon-json-log-4 |
| sysmon-system-info-1 |
"microsoft-sysmon-xml-process-pipe-create-17 |
| sysmon-system-info-2 |
microsoft-sysmon-kv-endpoint-notification-success-255 |
| sysmon-windows-dns-query |
microsoft-windows-kv-dns-request-success-query |
| system-event-attempt-to-duplicate |
microsoft-evsecurity-kv-handle-copy-attempttoduplicateobj |
| system-event-process-exited |
microsoft-evsecurity-kv-process-close-processexited |
| system-event-unable-to-log |
microsoft-evsecurity-str-endpoint-notification-unabletologeventstosecuritylog |
| system-event-unable-to-log-1 |
microsoft-evsecurity-kv-endpoint-notification-521 |