| abnormal-security-alert |
abnormalsecurity-as-json-alert-trigger-success-attacktype |
| absolute-app-activity |
absolute-siemconnector-cef-app-activity-success-deviceuserinformationupdated |
| absolute-app-activity-1 |
absolute-siemconnector-cef-app-activity-success-devicelocationupdated |
| absolute-app-login |
absolute-siemconnector-cef-app-login-success-loggedin |
| accelion-dlp-alert |
accellion-kw-json-alert-trigger-success-httpincident |
| accelion-kite-app-3 |
accellion-kw-json-file-upload-success-addfile |
| accelion-kite-app-activity-2 |
accellion-kw-json-app-activity-success-event |
| accelion-kite-app-activity-3 |
accellion-kw-json-app-activity-success-urlhost |
| accelion-kite-app-activity-4 |
accellion-kw-json-app-activity-success-apphost |
| accelion-kite-app-activity-5 |
accellion-kw-json-app-activity-success-description |
| accelion-kite-app-activity-6 |
accellion-kw-json-file-read-success-event |
| accelion-kite-app-activity-email-alert |
accellion-kw-json-email-send-success-sendemail |
| accelion-kite-app-admin-login |
accellion-kw-json-app-login-success-adminloggedin |
| accelion-kite-app-delete-draft |
accellion-kw-json-app-activity-success-deletedraft |
| accelion-kite-app-download |
accellion-kw-json-file-download-success-description |
| accelion-kite-app-download-1 |
accellion-kw-json-file-download-success-apphost |
| accelion-kite-app-file-delete |
accellion-kw-json-file-delete-success-deletefolderpermanent |
| accelion-kite-app-file-delete-1 |
accellion-kw-json-file-delete-success-deletefolder |
| accelion-kite-app-file-withdraw |
accellion-kw-json-app-activity-success-filewithdrawn |
| accelion-kite-app-login-1 |
accellion-kw-json-app-login-success-userloggedin |
| accelion-kite-app-network-setting |
accellion-kw-json-app-activity-success-networksettings |
| accelion-kite-app-password-change |
accellion-kw-json-user-password-modify-success-updatepassword |
| accelion-kite-app-reset-password |
accelion-kw-json-user-password-reset-fail-resetpassword |
| accelion-kite-app-setting |
accellion-kw-json-app-activity-success-applicationsettingschanged |
| accelion-kite-app-system |
accellion-kw-json-app-activity-success-system |
| accelion-kite-app-user-delete |
accellion-kw-json-app-activity-success-deleteuser |
| accelion-kite-failed-app-login |
accellion-kw-json-app-login-fail-userloginfailed |
| accessit-badge-access |
accessit-universal-json-physical-location-access-success-cardholderlink |
| ad-audit-2089 |
manageengine-adauditplus-kv-app-notification-success-2089 |
| ad-audit-2887 |
manageengine-adauditplus-kv-app-authentication-2887 |
| ad-audit-4616 |
manageengine-adauditplus-kv-endpoint-time-modify-4616 |
| ad-audit-4624 |
microsoft-evsecurity-kv-endpoint-login-success-adaudit-4624 |
| ad-audit-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-adaudit-4625 |
| ad-audit-4656 |
manageengine-adauditplus-kv-handle-request-4656 |
| ad-audit-4659 |
manageengine-adauditplus-kv-handle-request-4659 |
| ad-audit-4662 |
microsoft-evsecurity-kv-ds-object-activity-success-4662-3 |
| ad-audit-4663 |
microsoft-evsecurity-kv-file-success-4663 |
| ad-audit-4663-1 |
microsoft-evsecurity-kv-file-success-4663-1 |
| ad-audit-4688 |
microsoft-evsecurity-kv-process-create-success-4688 |
| ad-audit-4699 |
manageengine-adauditplus-kv-scheduled-task-delete-4699 |
| ad-audit-4720 |
microsoft-evsecurity-kv-user-create-success-4720 |
| ad-audit-4722 |
microsoft-evsecurity-kv-user-enable-success-4722 |
| ad-audit-4723 |
microsoft-evsecurity-kv-user-password-modify-4723 |
| ad-audit-4724 |
microsoft-evsecurity-kv-user-password-reset-success-4724 |
| ad-audit-4725 |
microsoft-evsecurity-kv-user-disable-success-4725 |
| ad-audit-4726 |
microsoft-evsecurity-kv-user-delete-fail-deleted |
| ad-audit-4728 |
microsoft-evsecurity-kv-group-member-add-success-adauditplus |
| ad-audit-4729 |
microsoft-evsecurity-kv-group-member-remove-success-removedfrom |
| ad-audit-4730 |
microsoft-evsecurity-kv-group-delete-success-4730 |
| ad-audit-4738 |
microsoft-evsecurity-kv-ds-object-modify-success-4738 |
| ad-audit-4740 |
microsoft-evsecurity-kv-user-lock-success-4740 |
| ad-audit-4742 |
microsoft-evsecurity-kv-ds-object-modify-success-4742 |
| ad-audit-4743 |
microsoft-evsecurity-kv-user-delete-success-4743 |
| ad-audit-4759 |
microsoft-evsecurity-kv-group-create-success-4759 |
| ad-audit-4767 |
microsoft-evsecurity-kv-user-unlock-success-4767 |
| ad-audit-4768 |
microsoft-evsecurity-kv-endpoint-authentication-success-adaudit-4768 |
| ad-audit-4769 |
microsoft-evsecurity-kv-endpoint-login-4769-10 |
| ad-audit-4771 |
microsoft-evsecurity-kv-endpoint-login-fail-adaudit-4771 |
| ad-audit-4778 |
microsoft-evsecurity-kv-rdp-traffic-success-adaudit-4778 |
| ad-audit-4779 |
microsoft-evsecurity-kv-endpoint-logout-success-4779 |
| ad-audit-4800 |
microsoft-evsecurity-kv-endpoint-lock-success-4800 |
| ad-audit-4801 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801 |
| ad-audit-5136 |
microsoft-evsecurity-kv-ds-object-modify-success-5136 |
| ad-audit-5137 |
microsoft-evsecurity-kv-ds-object-create-success-5137-1 |
| ad-audit-5139 |
microsoft-evsecurity-kv-ds-object-move-success-5139 |
| ad-audit-5140 |
microsoft-evsecurity-kv-share-access-success-5140 |
| ad-audit-5141 |
microsoft-evsecurity-kv-ds-object-delete-success-5141-1 |
| ad-audit-alert |
microsoft-windows-kv-alert-trigger-success-adapalerts |
| ad-audit-json-4624 |
microsoft-evsecurity-json-endpoint-login-success-4624-1 |
| ad-audit-json-4656 |
microsoft-evsecurity-sk4-handle-request-success-4656-1 |
| ad-audit-json-4663 |
microsoft-evsecurity-json-file-read-success-4663 |
| ad-audit-json-4663-1 |
microsoft-evsecurity-json-file-delete-success-4663-1 |
| ad-audit-json-4768 |
microsoft-evsecurity-json-endpoint-authentication-success-4768 |
| ad-audit-json-4771 |
microsoft-evsecurity-json-endpoint-login-fail-4771-3 |
| ad-audit-json-5140 |
microsoft-evsecurity-json-share-access-success-objectaccessed |
| ad-json-4720 |
microsoft-evsecurity-json-user-create-success-4720-1 |
| ad-json-4722 |
microsoft-evsecurity-json-user-enable-success-4722-1 |
| ad-json-4724 |
microsoft-evsecurity-json-user-password-reset-success-4724-1 |
| ad-json-4740 |
microsoft-evsecurity-json-user-lock-success-4740-1 |
| ad-json-4767 |
microsoft-evsecurity-json-user-unlock-success-4767-1 |
| ad-json-5140 |
microsoft-evsecurity-json-share-access-success-5140-1 |
| ad-json-member-added-2008 |
microsoft-evsecurity-json-group-member-add-success-securityenabled |
| ad-json-member-removed-2008 |
microsoft-evsecurity-json-group-member-remove-success-memberremoved |
| adfs-299-auth-successful |
microsoft-evsecurity-kv-endpoint-login-success-299-1 |
| adfs-500-auth-successful |
microsoft-evsecurity-kv-endpoint-login-success-500-1 |
| adfs-501-auth-successful |
microsoft-evsecurity-kv-endpoint-login-success-501 |
| adfs-account-lockout-512 |
microsoft-adfs-kv-user-lock-success-512 |
| adfs-account-lockout-516 |
microsoft-adfs-kv-user-lock-success-516 |
| adfs-auth-failed |
"microsoft-windows-xml-endpoint-authentication-fail-adfs342 |
| adfs-auth-failed-324 |
microsoft-adfs-kv-app-authentication-fail-324 |
| adfs-auth-failed-411 |
microsoft-adfs-kv-app-authentication-fail-411 |
| adfs-auth-failed-413 |
microsoft-adfs-kv-app-authentication-fail-413 |
| adfs-auth-failed-501 |
microsoft-adfs-str-app-notification-success-501 |
| adfs-auth-successful |
microsoft-evsecurity-kv-endpoint-login-success-299 |
| adfs-auth-successful-1 |
microsoft-evsecurity-kv-endpoint-login-success-500 |
| adfs-dns-request |
microsoft-adfs-kv-http-request-audit |
| adfs-dns-response |
microsoft-adfs-kv-http-response-success-dispatched |
| admanager-activity |
microsoft-ad-kv-app-group-admp |
| adminbyrequest-privileged-access |
adminbyrequest-a-json-user-privilege-use-success-adminsession |
| adminbyrequest-privileged-object-access |
adminbyrequest-a-json-user-privilege-use-success-runasadmin |
| airlock-appwhitelisting-app-activity |
airlock-allowlisting-str-app-activity-success-fileactivity |
| airlock-appwhitelisting-app-activity-1 |
airlock-allowlisting-str-app-activity-success-serveractivity |
| airlock-create-folder |
airlock-sah-kv-file-write-success-createfolder |
| airlock-disconnect |
airlock-sah-kv-vpn-logout-success-auditlog |
| airlock-file-delete |
airlock-sah-kv-file-delete-success-deletefile |
| airlock-file-download |
airlock-sah-kv-file-download-success-download |
| airlock-file-download-failed |
airlock-sah-kv-app-activity-fail-downloadfailed |
| airlock-file-upload |
airlock-sah-kv-file-upload-success-upload |
| airlock-file-upload-failed |
airlock-sah-kv-app-activity-fail-uploadfailed |
| airlock-firewall-network-connection |
airlock-sah-json-network-traffic-networktraffic |
| airlock-firewall-system-info-1 |
airlock-sah-json-network-traffic-connectiontrace |
| airlock-firewall-system-info-2 |
airlock-sah-str-app-notification-webrequests |
| airlock-login-failed |
airlock-sah-kv-app-login-fail-loginfailed |
| airlock-login-success |
airlock-sah-kv-app-login-success-loginsuccessful |
| airlock-logout |
airlock-sah-kv-vpn-logout-success-logout |
| airlock-network-connection |
airlock-sah-kv-network-traffic-success-connectionsuccessful |
| airlock-rename-folder |
airlock-sah-kv-file-write-success-renamefolder |
| airwatch-admin-loggedin |
vmware-airwatch-kv-endpoint-login-success-adminuserloggedin |
| airwatch-admin-loggedout |
vmware-airwatch-kv-app-logout-success-userloggedout |
| airwatch-admin-login-failed |
vmware-airwatch-kv-endpoint-login-fail-loginfailed |
| airwatch-application-remove-requested |
vmware-airwatch-kv-app-activity-success-appremoved |
| airwatch-auth-successful |
vmware-airwatch-kv-endpoint-login-success-login |
| airwatch-authentication |
vmware-airwatch-kv-endpoint-login-fail-authentication |
| airwatch-authtoken-revoked |
vmware-airwatch-kv-app-activity-success-tokenrevoked |
| airwatch-breakmdm-requested |
vmware-airwatch-kv-app-activity-success-breakmdmr |
| airwatch-device-entr-wipe-requested |
vmware-airwatch-kv-app-activity-success-wiperequested |
| airwatch-device-wipe-requested |
vmware-airwatch-kv-app-activity-success-wiperequested-1 |
| airwatch-devicedelete-requested |
vmware-airwatch-kv-app-activity-success-deleterequest |
| airwatch-exitlauncher-requested |
vmware-airwatch-kv-app-activity-success-exitlauncher |
| airwatch-locationgroup-deleted |
vmware-airwatch-kv-group-delete-success-groupdeleted |
| airwatch-profile-deleted |
vmware-airwatch-kv-user-delete-success-profiledeleted |
| airwatch-profile-inactivated |
vmware-airwatch-kv-user-disable-success-profileinactivated |
| airwatch-profile-modified |
vmware-airwatch-kv-user-modify-success-profilemodified |
| airwatch-profileremove-requested |
vmware-airwatch-kv-user-delete-success-profileremove |
| airwatch-revoked |
vmware-airwatch-kv-certificate-expire-success-revoked |
| airwatch-security-alerts |
vmware-airwatch-kv-alert-trigger-success-airwatch |
| airwatch-user-deleted |
vmware-airwatch-kv-user-delete-success-userdeleted |
| airwatch-wiperequest |
vmware-airwatch-kv-app-activity-success-wiperequest |
| aix-auth-failed |
unix-unix-kv-endpoint-login-fail-authfailure |
| aix-auth-successful |
unix-unix-kv-endpoint-authentication-success-dsepamauth |
| aix-file-open-operation |
unix-unix-str-file-read-success-fileopen |
| aix-file-read-operation |
unix-unix-str-file-read-success-fileread |
| aix-file-rename-operation |
unix-aix-str-file-write-success-filerename |
| aix-file-write-operation |
unix-unix-str-file-write-success-1 |
| aix-process-create-operation |
unix-unix-str-process-create-success-proccreate |
| aix-process-created |
unix-unix-str-process-create-success-cmd |
| aix-process-delete-operation |
unix-unix-str-process-close-success-procdelete |
| aix-process-execute-operation |
unix-unix-str-process-create-success-procexecute |
| aix-task-created |
unix-unix-str-scheduled-task-create-success-cmd |
| aix-task-created-1 |
unix-unix-str-scheduled-task-create-success-croncmd |
| akamai-security-alert |
akamai-siem-cef-alert-trigger-success-alerttriggerd |
| akamai-web-activity |
akamai-ca-json-http-session-webactivity |
| amag-badge-access |
amag-sac-json-physical-location-access-accessbadge |
| amazon-rds-database-login |
amazon-ards-sk4-database-login-success-connectionauthorized |
| amazon-rds-database-operation |
amazon-rds-str-database-query-modify-success-auditevent |
| amazon-rds-database-operation-1 |
amazon-rds-str-database-query-modify-success-auditevent-1 |
| anywhere365-app-activity |
anywhere365-a-kv-app-activity-success-callreceive |
| anywhere365-app-activity-1 |
anywhere365-a-kv-app-activity-success-ucccall |
| anywhere365-app-activity-2 |
anywhere365-a-kv-app-activity-success-newconference |
| anywhere365-app-activity-3 |
anywhere365-a-kv-app-activity-success-conferencecreator |
| anywhere365-app-activity-4 |
anywhere365-a-kv-app-activity-success-outboundcall |
| apache-app-login-1 |
apache-guacamole-str-app-authentication-success-user |
| apache-authentication-attempt-1 |
apache-guacamole-str-app-authentication-fail-authenticatethelockeduser |
| apache-failed-app-login-1 |
apache-guacamole-str-app-login-fail-authservice |
| apache-failed-app-login-2 |
apache-guacamole-str-app-login-fail-bindingerror |
| apache-tomcat-system-info |
apache-tomcat-str-app-notification-tomcatcatalina |
| apache-web-activity-1 |
apache-guacamole-kv-http-session-success-client |
| apc-authentication-failed |
apc-a-kv-endpoint-login-fail-smtpauthfail |
| apc-dlp-email-alert-in |
apc-a-kv-email-receive-success-accept |
| apc-dlp-email-alert-in-failed |
apc-a-kv-email-receive-fail-reject |
| apc-failed-logon |
apc-a-str-app-login-fail-invalidcredentials |
| apc-network-alert |
apc-a-str-alert-trigger-success-0004 |
| apc-remote-logon |
apc-a-str-endpoint-login-success-webuser |
| apc-remote-logout |
apc-a-str-app-logout-success-loggedout |
| appsense-process-alert |
appsense-am-leef-alert-trigger-success-warning |
| arbor-network-fail |
arbor-a-str-network-traffic-fail-block |
| arista-networks-awake-security-alert |
aristanetworks-as-cef-alert-trigger-success-deviceurlpath |
| armis-alert-iot |
armis-a-cef-alert-trigger-success-systempolicyviolation |
| aruba-controller-ap-protection |
hp-arubawc-str-app-notification-success-4111 |
| aruba-controller-assoc |
hp-arubawc-str-network-traffic-4111 |
| aruba-controller-blacklist |
hp-arubawc-str-app-notification-success-4111-1 |
| aruba-controller-deauthenticate |
hp-arubawc-str-app-notification-success-4107 |
| aruba-controller-drop |
hp-arubawc-str-network-traffic-fail-4107 |
| aruba-controller-failed-nac-logon |
hp-arubawc-kv-endpoint-login-fail-authfailed |
| aruba-controller-radius |
hp-arubawc-str-radius-traffic-success-4107 |
| aruba-controller-wpa2 |
hp-arubawc-str-app-notification-success-4107-1 |
| aruba-local-logon-1 |
hp-arubamm-cef-endpoint-login-success-authenticatedsuccessfully |
| aruba-nac-failed-1 |
hp-arubamm-cef-endpoint-login-fail-userauthenticationfailed |
| aruba-nac-logon |
hp-arubawc-kv-endpoint-login-success-authsuccessful |
| aruba-nac-logon-1 |
hp-arubamm-sk4-endpoint-login-success-ttamreporter |
| aruba-nac-logon-2 |
hp-arubamm-sk4-endpoint-login-success-authsuccess |
| aruba-network-info-1 |
hp-arubamm-sk4-app-notification-appnotification |
| aruba-remote-logon-1 |
hp-arubamm-cef-endpoint-login-success-authenticationsucceededforuser |
| aruba-system-info-1 |
hp-arubaos-str-app-notification-ikequickmodesucceeded |
| aruba-system-info-2 |
hp-arubaos-str-app-notification-ipsecsadeletedforpeer |
| aruba-system-info-3 |
hp-arubaos-str-endpoint-notification-kernelreportstimeerror |
| aruba-system-info-4 |
hp-arubamm-sk4-app-notification-appnotification-1 |
| aruba-system-info-5 |
hp-aruba-str-app-notification-success-sapd |
| asa-aaa-cef-vpn-start |
cisco-asa-cef-vpn-login-success-authsuccess |
| asa-aaa-vpn-start |
cisco-asa-str-vpn-login-success-109005 |
| asa-aaa-vpn-stop |
cisco-asa-str-vpn-logout-success-authensessionend |
| asa-nap-cef-7.1.7-vpn-start |
cisco-asa-cef-vpn-login-success-assignedprivateip |
| asa-nap-cef-vpn-end |
cisco-asa-cef-vpn-logout-success-sessionisbeingtorndown |
| asa-nap-cef-vpn-start |
cisco-asa-cef-vpn-login-success-assignedprivateip-1 |
| asa-svc-cef-7.1.7-vpn-end |
cisco-asa-cef-vpn-logout-success-sessiondisconnected |
| asa-svc-cef-vpn-close |
cisco-asa-cef-vpn-logout-success-svcclosingconnection |
| asa-svc-vpn-713050-end |
cisco-asa-str-vpn-logout-success-713050 |
| asa-svc-vpn-716001-start |
cisco-asa-str-vpn-login-success-716001 |
| asa-svc-vpn-716002-end |
cisco-asa-str-vpn-logout-success-716002 |
| asa-svc-vpn-716038-start |
cisco-asa-str-vpn-login-success-716038 |
| asa-svc-vpn-716059-start |
cisco-asa-str-vpn-login-success-716059 |
| asa-svc-vpn-751025-start |
cisco-asa-str-vpn-login-success-751025 |
| asa-svc-vpn-start-iPhone |
cisco-asa-str-vpn-login-success-722051-1 |
| asa-web-activity-716003 |
cisco-asa-str-http-session-success-716003 |
| assetview-file-download-activity |
assetview-av-csv-file-download-success-15091 |
| assetview-file-write |
assetview-av-str-file-write-success-10001 |
| assetview-print-activity |
assetview-av-csv-printer-activity-success-15041 |
| assetview-security-alert |
assetview-av-str-alert-trigger-success-35131 |
| assetview-usb-activity |
assetview-av-csv-peripheral-storage-insert-success-15031 |
| audit-unix-process-created |
unix-ad-kv-process-create-success-audit |
| auditbeat-account-switch |
unix-unix-json-user-switch-success-pamsessionopen |
| auditbeat-account-switch-2 |
unix-unix-json-user-switch-success-process |
| auditbeat-auth-success |
unix-unix-json-endpoint-login-success-logstash |
| auditbeat-authentication-successful |
unix-auditbeat-kv-endpoint-login-success-userlogin |
| auditbeat-file-access |
unix-unix-json-file-read-success-fileaccess |
| auditbeat-file-operation-4 |
unix-auditbeat-json-file-create-success-file |
| auditbeat-file-operations |
unix-unix-json-file-success-logstashfile |
| auditbeat-file-operations-2 |
unix-unix-json-file-success-logstashfile-1 |
| auditbeat-file-operations-3 |
unix-unix-json-file-success-logstashfile-2 |
| auditbeat-local-logon |
unix-unix-json-endpoint-login-success-userlogin |
| auditbeat-logout |
unix-auditbeat-json-endpoint-logout-success-userlogout |
| auditbeat-password-change |
unix-unix-json-user-password-modify-success-process |
| auditbeat-perm-mod |
unix-unix-json-file-permission-modify-success-permissionmodify |
| auditbeat-process-activity |
unix-auditbeat-json-process-close-success-processstopped |
| auditbeat-process-audit |
unix-auditbeat-json-app-activity-success-process |
| auditbeat-process-created |
unix-auditbeat-json-process-create-success-processstarted |
| auditbeat-process-created-failed |
unix-auditbeat-json-process-create-fail-processerror |
| auditbeat-process-creation |
unix-unix-json-process-create-logstash |
| auditbeat-process-network |
unix-auditbeat-json-network-session-fail-networkflow |
| auditbeat-security-alert |
unix-unix-json-alert-trigger-success-suspactivity |
| auditbeat-security-alert-2 |
unix-unix-json-alert-trigger-success-unauthedfileaccess |
| auditbeat-security-alert-3 |
unix-unix-json-alert-trigger-success-recon |
| auditbeat-security-alert-4 |
unix-unix-json-alert-trigger-success-powerabuse |
| auditbeat-ssh-login |
unix-unix-json-ssh-traffic-success-process |
| auditbeat-ssh-login-2 |
unix-unix-json-endpoint-login-success-pubkeyauth |
| auditbeat-ssh-login-3 |
unix-unix-json-endpoint-login-success-key |
| auditbeat-ssh-login-4 |
unix-unix-json-endpoint-login-success-userlogin-1 |
| auditbeat-unix-account-created |
unix-unix-json-user-create-success-adduser |
| auditbeat-unix-account-created-2 |
unix-auditbeat-json-group-create-success-addshadowgroup |
| auditbeat-unix-account-created-3 |
unix-auditbeat-json-group-create-success-addgroup |
| auditbeat-unix-account-delete |
unix-unix-json-user-delete-fail-process |
| auditbeat-unix-account-delete-2 |
unix-unix-json-user-delete-fail-auditbeat |
| auditbeat-unix-account-delete-3 |
unix-unix-json-user-delete-fail-deletegroup |
| auditbeat-unix-member-removed |
unix-unix-json-group-member-remove-success-process |
| auditbeat-unix-member-removed-2 |
unix-unix-json-group-member-remove-success-auditbeat |
| auditd-unix-account-switch |
unix-auditd-kv-user-switch-success-userrolechange |
| auditd-unix-process-created |
unix-ad-kv-process-create-success-audispd |
| auth0-login-failed |
auth0-a-json-endpoint-login-fail-fp |
| auth0-login-failed-1 |
auth0-a-json-endpoint-login-fail-invalidrequest |
| auth0-login-success |
auth0-a-json-app-login-success-s |
| auth0-password-breached |
auth0-a-json-alert-trigger-success-pwdleak |
| auth0-password-change-failed |
auth0-a-json-user-password-modify-fail-fcp |
| authmgr-auth-system-alert |
dell-rsaauthmngr-kv-app-authentication-status |
| authmgr-authentication-failed |
dell-rsaauthmngr-kv-endpoint-authentication-fail-authfail |
| authmgr-authentication-failed-1 |
dell-rsaauthmngr-kv-endpoint-login-fail-authorizationfail |
| authmgr-authentication-failed-2 |
dell-rsaauthmngr-kv-endpoint-authentication-fail-usertokenfailed |
| authmgr-authentication-successful |
dell-rsaauthmngr-kv-endpoint-authentication-success-authsuccess |
| authmgr-authentication-successful-1 |
dell-rsaauthmngr-kv-endpoint-login-success-authorizationsuccess |
| authmgr-authentication-successful-2 |
dell-rsaauthmngr-kv-endpoint-authentication-success-usertokencreated |
| avanan-dlp-alert |
checkpoint-avanan-json-alert-trigger-success-avanansecurityeventdlp |
| avanan-dlp-alert-1 |
checkpoint-avanan-json-alert-trigger-success-dlp |
| avanan-dlp-email-alert |
checkpoint-avanan-json-email-receive-avanansecurityevent |
| avanan-dlp-email-alert-1 |
checkpoint-avanan-json-email-send-avanansecurityevent |
| avanan-dlp-email-alert-2 |
checkpoint-avanan-json-email-receive-securityevent |
| avanan-dlp-email-alert-3 |
checkpoint-avanan-json-email-send-securityevent |
| avanan-dlp-email-alert-4 |
checkpoint-avanan-json-email-send-receive-phishing |
| avanan-security-alert |
checkpoint-avanan-json-alert-trigger-success-avanansecurityeventmalware |
| avanan-security-alert-1 |
checkpoint-avanan-json-alert-trigger-success-securityeventmalware |
| avaya-switch-auth-attempt |
avaya-ers-str-endpoint-login-fail-unauthorized |
| avaya-switch-auth-attempt-1 |
avaya-ers-str-endpoint-login-fail-disallowed |
| avaya-switch-auth-failed |
avaya-ers-str-app-authentication-fail-6 |
| avaya-switch-auth-failed-1 |
avaya-ers-str-endpoint-login-fail-intruderip |
| avaya-switch-auth-successful |
avaya-ers-str-endpoint-login-success-sessionopened |
| avaya-switch-auth-successful-1 |
avaya-ers-str-endpoint-login-success-successfulconnection |
| avaya-switch-logout |
avaya-ers-str-endpoint-logout-success-connectionclosed |
| avaya-switch-logout-1 |
avaya-ers-str-endpoint-logout-success-sessionclosed |
| avaya-switch-system-event |
avaya-ers-str-endpoint-activity-success-ssh |
| avecto-local-logon |
beyondtrust-privmgmt-kv-endpoint-login-success-userlogon |
| avecto-process-created |
beyondtrust-privmgmt-kv-process-create-success-processstarted |
| avecto-process-created-1 |
beyondtrust-privmgmt-kv-process-create-success-processstarttime |
| aventail-vpn-end |
dell-sw-kv-vpn-logout-success-infosystem |
| aventail-vpn-start |
dell-sw-str-vpn-login-success-csacl |
| aventail-vpn-start-1 |
dell-sw-kv-vpn-login-success-platformprefix |
| avi-lb-app-login |
avinetworks-a-str-app-login-success-loginsuccess |
| avi-lb-app-logout |
avinetworks-lb-str-endpoint-logout-userlogout |
| aws-addusertogroup-json |
amazon-awscloudtrail-json-group-member-add-addusertogroup |
| aws-alert-1 |
amazon-awscloudtrail-sk4-user-create-createmembers |
| aws-assumerole-json |
amazon-awscloudtrail-json-role-assume-success-assumerole |
| aws-attachgrouppolicy-json |
amazon-awscloudtrail-json-group-policy-attach-success-attachgrouppolicy |
| aws-attachrolepolicy-json |
amazon-awscloudtrail-json-role-policy-attach-success-attachrolepolicy |
| aws-attachuserpolicy-json |
amazon-awscloudtrail-json-user-policy-attach-success-attachuserpolicy |
| aws-attachvolume-json |
amazon-awscloudtrail-json-disk-attach-attachvolume |
| aws-cloudtrail-activity |
amazon-awscloudtrail-sk4-app-activity-aws |
| aws-cloudtrail-app-activity |
amazon-awscloudtrail-json-app-activity-success-awsapicall |
| aws-consolelogin-json |
amazon-awscloudtrail-json-aws-login-consolelogin |
| aws-copyobject-json |
amazon-awscloudtrail-json-file-copy-copyobject |
| aws-createaccesskey-json |
amazon-awscloudtrail-json-user-key-create-createaccesskey |
| aws-createbucket-json |
amazon-awscloudtrail-json-bucket-create-awsapicall |
| aws-createfunction-json |
amazon-awscloudtrail-json-function-write-createfunction |
| aws-creategroup-json |
amazon-awscloudtrail-json-user-create-creategroup |
| aws-createimage-json |
amazon-awscloudtrail-json-image-create-awsapicall |
| aws-createkeypair-json |
amazon-awscloudtrail-json-key-write-createkeypair |
| aws-createloginprofile-json |
amazon-awscloudtrail-json-app-activity-loginprofile |
| aws-createpolicy-json |
amazon-awscloudtrail-json-policy-create-success-createpolicy |
| aws-createpolicyversion-json |
amazon-awscloudtrail-json-policy-modify-success-createpolicyversion |
| aws-createrole-json |
amazon-awscloudtrail-json-role-create-success-createrole |
| aws-createsnapshot-json |
amazon-awscloudtrail-json-snapshot-create-awsapicall |
| aws-createuser-json |
amazon-awscloudtrail-json-user-create-awsapicall |
| aws-createvolume-json |
amazon-awscloudtrail-json-disk-create-createvolume |
| aws-general-activity |
amazon-awscloudtrail-json-app-activity-awsapicall |
| aws-getconsolescreenshot-json |
amazon-awscloudtrail-json-app-activity-getscreenshot |
| aws-getobject-json |
amazon-awscloudtrail-json-file-read-getobject |
| aws-getpassworddata-json |
amazon-awscloudtrail-json-key-read-getpassword |
| aws-listattachedgrouppolicies-json |
amazon-awscloudtrail-json-policy-list-success-grouppolicies |
| aws-listattachedrolepolicies-json |
amazon-awscloudtrail-json-policy-list-success-rolepolicies |
| aws-listattacheduserpolicies-json |
amazon-awscloudtrail-json-policy-list-success-userpolicies |
| aws-listgrouppolicies-json |
amazon-awscloudtrail-json-policy-list-success-listgrouppolicies |
| aws-listrolepolicies-json |
amazon-awscloudtrail-json-policy-list-success-listrolepolicies |
| aws-listuserpolicies-json |
amazon-awscloudtrail-json-policy-list-success-listuserpolicies |
| aws-modifyimageattribute-json |
amazon-awscloudtrail-json-image-modify-imageattribute |
| aws-modifyinstanceattribute-json |
amazon-awscloudtrail-json-endpoint-modify-instanceattribute |
| aws-modifysnapshotattribute-json |
amazon-awscloudtrail-json-snapshot-modify-awsapicall |
| aws-modifyvolume-json |
amazon-awscloudtrail-json-disk-modify-modifyvolume |
| aws-putbucketacl-json |
amazon-awscloudtrail-json-bucket-permission-modify-putbucketacl |
| aws-putbucketcors-json |
amazon-awscloudtrail-json-bucket-permission-modify-putbucketcors |
| aws-putbucketpolicy-json |
amazon-awscloudtrail-json-bucket-policy-modify-putbucketpolicy |
| aws-putbucketpublicaccessblock-json |
amazon-awscloudtrail-json-bucket-accessblock-modify-awsapicall |
| aws-putgrouppolicy-json |
amazon-awscloudtrail-json-policy-create-success-putgrouppolicy |
| aws-putobject-json |
amazon-awscloudtrail-json-file-write-putobject |
| aws-putobjectacl-json |
amazon-awscloudtrail-json-bucket-permission-modify-putobjectacl |
| aws-putrolepolicy-json |
amazon-awscloudtrail-json-policy-create-success-putrolepolicy |
| aws-putuserpolicy-json |
amazon-awscloudtrail-json-policy-create-success-putuserpolicy |
| aws-renewrole-json |
amazon-awscloudtrail-json-role-assume-renewrole |
| aws-runinstances-json |
amazon-awscloudtrail-json-endpoint-create-runinstances |
| aws-security-alert |
amazon-awsguardduty-sk4-alert-trigger-success-guardduty-3 |
| aws-sendcommand-json |
amazon-awscloudtrail-json-app-activity-sendcommand |
| aws-sendsshpublickey-json |
amazon-awscloudtrail-json-endpoint-login-sendsshkey |
| aws-setpolicyversion-json |
amazon-awscloudtrail-json-policy-modify-success-setpolicyversion |
| aws-switchrole-json |
amazon-awscloudtrail-json-role-assume-success-switchrole |
| aws-updateassumerolepolicy-json |
amazon-awscloudtrail-json-policy-modify-success-updateassumerolepolicy |
| aws-updatefunctioncode-json |
amazon-awscloudtrail-json-function-write-updatefunction |
| aws-updatefunctionconfiguration-json |
amazon-awscloudtrail-json-function-write-updateconfiguration |
| aws-updateloginprofile-json |
amazon-awscloudtrail-json-app-activity-updateprofile |
| aws-waf-web-activity |
aws-waf-json-http-session-httprequest |
| aws-web-activity |
amazon-awswaf-sk4-http-request-httprequest |
| aws-web-activity-1 |
amazon-awswaf-json-app-authentication-httprequest |
| axway-remote-logon |
axway-gateway-str-endpoint-login-success-successfullogin |
| axway-sftp-file-upload |
axway-gateway-kv-file-upload-success-fileupload |
| azure-ad-account-disabled |
microsoft-azuread-json-user-disable-success-accountdisable |
| azure-ad-account-password-change |
microsoft-azuread-json-user-password-reset-fail-changepassword |
| azure-ad-account-password-change-1 |
azure-azuread-json-user-password-modify-success-selfservice |
| azure-ad-account-password-change-2 |
microsoft-azuread-sk4-user-password-modify-success-userpasswordchange |
| azure-ad-account-password-change-3 |
microsoft-azuread-sk4-user-password-modify-success-changepassword |
| azure-ad-account-unlocked |
microsoft-azuread-json-user-unlock-success-useraccountunlock |
| azure-ad-app-activity |
microsoft-m365auditlogs-json-app-activity-operationname |
| azure-ad-app-login |
microsoft-azuread-cef-app-login-signinoperation |
| azure-ad-member-added |
microsoft-azuread-json-group-member-add-success-aadiam |
| azure-ad-member-added-1 |
microsoft-azuread-cef-group-member-add-success-auditlogs |
| azure-ad-member-removed |
microsoft-azuread-json-group-member-remove-success-groupmemberremoved |
| azure-ad-member-removed-1 |
microsoft-azure-cef-group-member-remove-success-removefromgroup |
| azure-ad-security-alert-2 |
microsoft-azureadip-json-alert-trigger-success-graphsecurityalert |
| azure-app-activity |
microsoft-azuremon-sk4-app-activity-destinationservicename |
| azure-app-activity-1 |
microsoft-azure-json-app-activity-strongauthenticationuserdetails |
| azure-app-activity-2 |
microsoft-azure-sk4-app-activity-userupdate |
| azure-app-activity-3 |
microsoft-azure-sk4-app-activity-adduser |
| azure-app-activity-4 |
microsoft-azure-sk4-app-activity-addgroup |
| azure-app-activity-5 |
microsoft-azure-sk4-app-activity-deleteuser |
| azure-app-activity-6 |
microsoft-azure-sk4-app-activity-addmembertorole |
| azure-app-activity-7 |
microsoft-azure-sk4-app-activity-addownertogroup |
| azure-app-activity-8 |
microsoft-azuremon-sk4-app-activity-success-updategroup |
| azure-app-auth-events |
microsoft-windows-sk4-endpoint-login-requireduomfa |
| azure-app-login |
microsoft-azure-sk4-app-login-success-loginevent |
| azure-app-logon |
microsoft-windows-cef-app-login-tokenissuertype |
| azure-app-logon-2 |
microsoft-windows-cef-app-login-conditionalaccessstatus |
| azure-app-logon-3 |
microsoft-windows-sk4-app-login-fail-signin |
| azure-atp-security-alert |
microsoft-azureatp-json-alert-trigger-success-advancedthreatprotection |
| azure-atp-security-alert-1 |
microsoft-azureatp-json-alert-trigger-success-remoteexecutionsecurityalert |
| azure-atp-security-alert-2 |
microsoft-azureatp-json-alert-trigger-success-enumerationsecurityalert |
| azure-atp-security-alert-3 |
microsoft-azureatp-json-alert-trigger-success-passtheticket |
| azure-atp-security-alert-4 |
microsoft-azureatp-json-alert-trigger-success-netlogonbypasssecurityalert |
| azure-atp-security-alert-5 |
microsoft-azureatp-json-alert-trigger-success-remoteexecutionsecurityalert-1 |
| azure-atp-security-alert-6 |
microsoft-azureatp-json-alert-trigger-success-netlogonbypasssecurityalert-1 |
| azure-atp-security-alert-7 |
microsoft-azure-sk4-alert-trigger-success-aatp |
| azure-blob-activity1 |
microsoft-azure-json-file-success-1 |
| azure-blob-activity2 |
microsoft-azure-json-file-success-2 |
| azure-cloud-system-info |
microsoft-azuremon-json-app-activity-success-sourcesystem |
| azure-databrick-app-activity-1 |
microsoft-azuremon-sk4-secret-read-getsecret |
| azure-databrick-app-activity-2 |
microsoft-azuremon-sk4-app-notification-clusterstartresult |
| azure-databrick-app-activity-3 |
microsoft-azuremon-sk4-app-notification-clusterstart |
| azure-disks-write |
microsoft-azure-json-disk-write-success-disk |
| azure-event-hub-administrative |
microsoft-azuremon-sk4-app-activity-administrative |
| azure-event-hub-alert |
microsoft-azuremon-sk4-app-activity-alert |
| azure-event-hub-app-service-audit-logs |
microsoft-azure-cef-app-login-success-auditlogs |
| azure-event-hub-app-service-http-logs |
microsoft-azuremon-sk4-http-session-appservicehttplogs |
| azure-event-hub-application-gateway-access-log |
microsoft-azureeh-sk4-app-activity-success-applicationgatewayaccesslog |
| azure-event-hub-application-gateway-access-log-1 |
microsoft-azuremon-sk4-app-activity-applicationgatewayaccess |
| azure-event-hub-application-gateway-access-log-2 |
microsoft-azuremon-sk4-http-request-applicationgateway |
| azure-event-hub-application-gateway-firewall-log |
microsoft-azure-cef-network-traffic-firewall |
| azure-event-hub-application-gateway-performance-log |
microsoft-azuremon-sk4-app-notification-performancelog |
| azure-event-hub-application-gateway-performance-log-1 |
microsoft-azuremon-sk4-app-activity-clientrequest |
| azure-event-hub-device-logon |
microsoft-defenderep-kv-endpoint-login-devicelogonevents |
| azure-event-hub-dns-query |
microsoft-defenderep-kv-dns-response-dnsqueryresponse |
| azure-event-hub-file-events |
microsoft-azure-kv-file-success-vmid |
| azure-event-hub-file-read |
microsoft-azure-cef-file-read-success-actiontype |
| azure-event-hub-gateway |
microsoft-azuremon-sk4-app-activity-eventhub |
| azure-event-hub-gateway-1 |
microsoft-azuremon-sk4-app-notification-gatewaylogs |
| azure-event-hub-image-load |
microsoft-defenderep-kv-dll-load-eventhubbeat |
| azure-event-hub-key-vault-activity |
microsoft-azuremon-sk4-app-activity-auditevent |
| azure-event-hub-key-vault-auth |
microsoft-azure-cef-app-login-success-authentication |
| azure-event-hub-member-added |
microsoft-azure-kv-group-member-add-success-eventhubbeat |
| azure-event-hub-member-removed |
microsoft-azure-kv-group-member-remove-success-deviceevents |
| azure-event-hub-network-connection |
microsoft-azure-kv-network-traffic-eventhubbeat |
| azure-event-hub-network-security-group-event |
microsoft-azure-cef-network-traffic-event |
| azure-event-hub-network-security-group-rule-counter |
microsoft-azure-cef-network-traffic-rule |
| azure-event-hub-policy |
microsoft-azuremon-sk4-app-activity-policy |
| azure-event-hub-process-events |
microsoft-azure-kv-process-create-success-processcreated |
| azure-event-hub-process-events-1 |
microsoft-azure-kv-process-create-success-powershellcommand |
| azure-event-hub-recommendation |
microsoft-azuremon-sk4-app-activity-recommendation |
| azure-event-hub-registry |
microsoft-windows-kv-registry-eventhubbeat |
| azure-event-hub-remote-logon |
microsoft-azure-csv-rdp-traffic-success-vmid |
| azure-event-hub-resource-health |
microsoft-azuremon-sk4-app-notification-resourcehealth |
| azure-event-hub-security |
microsoft-azureeh-csv-alert-trigger-security |
| azure-event-hub-service-health |
microsoft-azuremon-sk4-app-notification-servicehealth |
| azure-event-hub-sql-security-event |
microsoft-azure-cef-database-query-success-event |
| azure-event-hub-system-event |
microsoft-defenderep-kv-endpoint-activity-deviceevents |
| azure-event-hub-system-info |
microsoft-defenderep-kv-network-notification-eventhubbeat |
| azure-event-hub-system-info-1 |
microsoft-defenderep-kv-endpoint-notification-eventhubbeat |
| azure-event-hub-system-info-2 |
microsoft-azuremon-sk4-app-notification-timegrain |
| azure-event-hub-task-created |
microsoft-defenderep-kv-scheduled_task-create-scheduledtaskcreated |
| azure-event-hub-usb-activity |
microsoft-azure-kv-peripheral-storage-activity-success-eventhubbeat |
| azure-event-hub-usb-insert |
microsoft-azure-json-peripheral-storage-insert-success-usbdrivemount |
| azure-eventhubbeat-app-activity |
microsoft-azure-json-app-activity-updatedevice |
| azure-eventhubbeat-app-activity-1 |
microsoft-azure-json-app-activity-updateuser |
| azure-eventhubbeat-app-activity-2 |
microsoft-azure-kv-app-activity-adduser |
| azure-eventhubbeat-app-activity-3 |
microsoft-azure-kv-app-activity-deleteuser |
| azure-eventhubbeat-app-activity-4 |
microsoft-azure-kv-app-activity-changeuserlicense |
| azure-eventhubbeat-app-activity-5 |
microsoft-azure-json-app-activity-updategroup |
| azure-eventhubbeat-app-activity-6 |
microsoft-azure-json-app-activity-addgroup |
| azure-eventhubbeat-app-activity-7 |
microsoft-azure-kv-app-activity-harddeletegroup |
| azure-eventhubbeat-app-activity-8 |
microsoft-azure-json-app-activity-groupmanagement |
| azure-eventhubbeat-app-activity-9 |
microsoft-azure-json-app-activity-deletegroup |
| azure-file-read |
microsoft-azure-cef-file-read-success-loganalytics |
| azure-file-read-1 |
microsoft-azure-sk4-file-read-success-keyget |
| azure-file-read-2 |
microsoft-azure-sk4-file-read-success-vaultget |
| azure-file-read-3 |
microsoft-azure-sk4-file-read-success-resourceid |
| azure-file-write |
microsoft-azure-cef-file-write-success-secretset |
| azure-fw-network-connection |
microsoft-azure-sk4-network-traffic-nsgflow |
| azure-fw-network-info |
microsoft-azuremon-sk4-http-request-success-applicationgateways |
| azure-fw-network-info-2 |
microsoft-azuremon-sk4-app-activity-success-networksecuritygroups |
| azure-fw-network-info-3 |
microsoft-azuremon-sk4-network-session-azurefirewall |
| azure-fw-network-info-4 |
microsoft-azuremon-sk4-app-activity-success-virtualnetworkgateways |
| azure-fw-network-info-5 |
microsoft-azuremon-sk4-dns-success-azurefirewalldnsproxy |
| azure-fw-network-info-7 |
microsoft-azuremon-sk4-http-request-success-azurefirewallapplicationrule |
| azure-fw-network-info-8 |
microsoft-azuremon-sk4-app-notification-applicationgatewayfirewalllog |
| azure-images-write |
microsoft-azure-json-image-write-success-imagewrite |
| azure-keyvault-activity |
microsoft-azure-json-key-success-keyvault |
| azure-mfa-add-user-mobile |
microsoft-azuremfa-csv-user-modify-added |
| azure-mfa-added-new-user |
microsoft-azuremfa-str-user-modify-success-addednewuser |
| azure-mfa-admin-activity |
microsoft-azuremfa-str-app-activity-success-user |
| azure-mfa-auth-attempt |
microsoft-azuremfa-str-app-authentication-validate-oath-code-1 |
| azure-mfa-auth-attempt-2 |
microsoft-azuremfa-str-user-modify-changed |
| azure-mfa-auth-attempt-3 |
microsoft-azuremfa-str-app-authentication-fail-from |
| azure-mfa-auth-attempt-4 |
microsoft-azuremfa-str-app-authentication-primery |
| azure-mfa-auth-attempt-5 |
microsoft-azuremfa-str-app-authentication-fail-validate-security-question-answers |
| azure-mfa-auth-attempt-6 |
microsoft-azuremfa-str-app-authentication-validate-oath-code |
| azure-mfa-auth-failed |
microsoft-azuremfa-str-endpoint-login-fail-pfsvc |
| azure-mfa-auth-failed-2 |
microsoft-azuremfa-str-endpoint-login-fail-incorrect |
| azure-mfa-auth-failed-3 |
microsoft-azuremfa-str-app-authentication-fail-failed |
| azure-mfa-auth-successful |
microsoft-azuremfa-str-endpoint-login-success-callstatus |
| azure-mfa-changed-oath-token-success |
microsoft-azuremfa-csv-process-token-modify-pfsvc |
| azure-mfa-delete-user |
microsoft-azuremfa-csv-user-delete-deleted |
| azure-mfa-delete-user-mobile |
microsoft-azuremfa-csv-user-modify-deleted |
| azure-network-connection-success |
microsoft-azure-sk4-network-traffic-success-firewallnetworkrule |
| azure-network-info |
microsoft-azuremon-sk4-app-notification-applicationgateways |
| azure-password-protection-30006 |
"microsoft-evazureadppdca-xml-app-notification-30006 |
| azure-process-created |
microsoft-o365-sk4-process-create-success-processcreated |
| azure-process-created-1 |
microsoft-azure-json-process-create-success-vmprocess |
| azure-roleassignments-write |
microsoft-azure-json-user-role-assign-success-createroleassignment |
| azure-roledefiniton-write |
microsoft-azure-json-role-write-success-createroledefination |
| azure-security-alert |
microsoft-sentinel-sk4-alert-trigger-success-loganalytics |
| azure-security-alert-1 |
microsoft-azuresc-sk4-alert-trigger-success-logactivity |
| azure-security-alert-2 |
microsoft-azuresc-sk4-alert-trigger-success-securityalert |
| azure-security-center-network-alert |
microsoft-azuresc-json-alert-trigger-success-trafficfromunrecommendedip |
| azure-security-center-process-alert |
microsoft-azuresc-json-alert-trigger-success-kvappanomaly |
| azure-security-center-security-alert |
microsoft-azuresc-json-alert-trigger-success-sqldbprincipalanomaly |
| azure-security-center-security-alert-1 |
microsoft-azuresc-json-alert-trigger-success-asc |
| azure-security-center-security-alert-2 |
microsoft-azuresc-json-alert-trigger-success-vmwindowsobfus |
| azure-security-center-security-alert-3 |
microsoft-azuresc-json-alert-trigger-success-geoanomaly |
| azure-security-center-security-alert-4 |
microsoft-azuresc-json-alert-trigger-success-anomalouspageaccess |
| azure-security-center-security-alert-5 |
microsoft-azuresc-sk4-alert-trigger-success-asc |
| azure-snapshots-write |
microsoft-azure-json-snapshot-write-success-snapshotswrite |
| azure-sshpublickeys-write |
microsoft-azure-json-key-write-success-sshpublickey |
| azure-system-info |
microsoft-azuremon-kv-app-activity-uam |
| azure-virtualmachines-write |
microsoft-azure-json-image-write-success-createvm |
| azure-waf-system-info |
microsoft-azure-sk4-app-notification-success-healthprobelog |