Edit

SysmonEvent

  • Article

Categories

  • Security

Solutions

  • Security and Audit

Columns

Column Type Description
Activity string
CallTrace string
CmdLine string
Computer string
ComputerEnvironment string
Configuration string
CreationUtcTime datetime
CurrentDirectory string
Description string
DestinationHostname string
DestinationIp string
DestinationIsIpv6 bool
DestinationPort int
DestinationPortName string
Details string
Device string
GrantedAccess string
ID string
Image string
ImageLoaded string
Imphash string
Initiated bool
IntegrityLevel string
LogonGuid string
LogonId string
MD5Hash string
NewName string
NewThreadId long
ParentCommandLine string
ParentImage string
ParentProcessGuid string
ParentProcessId string
PipeName string
PreviousCreationUtcTime datetime
ProcessGuid string
ProcessID int
Protocol string
Resource string
ResourceGroup string
ResourceId string
ResourceProvider string
ResourceType string
SchemaVersion string
SHA1Hash string
SHA256Hash string
SignatureStatus string
Signed string
SignedBy string
SourceHostname string
SourceImage string
SourceIp string
SourceIsIpv6 bool
SourcePort int
SourcePortName string
SourceProcessGuid string
SourceProcessID int
SourceSystem string
SourceThreadId long
StartAddress string
StartFunction string
StartModule string
SubscriptionId string
SysmonEventID int
SysmonEventType string
SysmonState string
TargetFilename string
TargetImage string
TargetObject string
TargetProcessGuid string
TargetProcessID int
TerminalSessionId int
TimeGenerated datetime
Type string The name of the table
User string
Version string