SysmonEvent

Categories

  • Security

Solutions

  • Security and Audit

Columns

Column Type Description
Activity string
CallTrace string
Cmdline string
Computer string
ComputerEnvironment string
Configuration string
CreationUtcTime datetime
CurrentDirectory string
Description string
DestinationHostname string
DestinationIp string
DestinationIsIpv6 bool
DestinationPort int
DestinationPortName string
Details string
Device string
GrantedAccess string
id string
Image string
ImageLoaded string
Imphash string
Initiated bool
IntegrityLevel string
Logon string
LogonId string
MD5Hash string
NewName string
NewThreadId long
ParentCommandLine string
ParentImage string
ParentProcessGuid string
ParentProcessId string
PipeName string
PreviousCreationUtcTime datetime
ProcessGuid string
ProcessID int
Protocol string
Resource string
ResourceGroup string
ResourceId string
ResourceProvider string
ResourceType string
SchemaVersion string
SHA1Hash string
SHA256Hash string
SignatureStatus string
Signed string
SignedBy string
SourceHostname string
SourceImage string
SourceIp string
SourceIsIpv6 bool
SourcePort int
SourcePortName string
SourceProcessGuid string
SourceProcessID int
SourceSystem string
SourceThreadId long
StartAddress string
StartFunction string
StartModule string
SubscriptionId string
SysmonEventID int
SysmonEventType string
SysmonState string
TargetFilename string
TargetImage string
TargetObject string
TargetProcessGuid string
TargetProcessID int
TerminalSessionId int
TimeGenerated datetime
Type string The name of the table
User string
Version string