Team
I am working on a project in which i need to get column names from Security event log (like ex: Security ID, Account Name, Account Domain, Logon ID) & this column count will increase based on security events.
I need this to read from one SQL Table & and get columns (1st event may have 4 columns, 2nd event may have 10 columns & so on) after reading it need to update it in new SQL table with the columns (each column should have each event & its values).
Any suggestion please.
I am happy to have this in SQL Query OR PowerShell too.
================================
1st Event Log:
Message
An account was logged off.
Subject:
Security ID: S-1-5-21-4092471901-707098849-2603905285-1002
Account Name: IUSR
Account Domain:
Logon ID: 0x2D6330DA
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
====================================
2nd Event log
Key file operation.
Subject:
Security ID: S-1-5-18
Account Name: ETS03$
Account Domain: LAB
Logon ID: 0x3E7
Process Information:
Process ID: 9672
Process Creation Time: 2022-04-15T00:49:59.688316600Z
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: ConfigMgrPrimaryKey
Key Type: Machine key.
Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\Keys\f67681ddee923363c159c11a44f135de_670959a2-5d10-470b-952c-36572be379fb
Operation: Read persisted key from file.
Return Code: 0x0