| jp-4662 |
microsoft-evsecurity-kv-ds-object-activity-success-4662-4 |
| jp-5158 |
microsoft-evsecurity-kv-network-session-success-5158-1 |
| jp-member-added-1 |
microsoft-evsecurity-kv-group-member-add-success-4728 |
| jp-member-added-2 |
microsoft-evsecurity-kv-group-member-add-success-4732 |
| jp-member-added-3 |
microsoft-evsecurity-kv-group-member-add-success-4756 |
| jp-process-network |
microsoft-evsecurity-csv-network-session-success-5156 |
| jp-share-access-5140 |
microsoft-evsecurity-kv-share-access-success-5140-1 |
| jp-share-access-5145 |
microsoft-evsecurity-kv-share-access-success-5145-2 |
| json-1100 |
microsoft-windows-sk4-log-disable-success-1100 |
| json-299 |
microsoft-windows-sk4-app-authentication-success-299 |
| json-403 |
microsoft-windows-sk4-http-request-success-403 |
| json-404 |
microsoft-windows-sk4-http-response-success-404 |
| json-410 |
microsoft-windows-sk4-app-notification-success-410 |
| json-4104 |
microsoft-evpowershell-json-process-create-success-4104 |
| json-412 |
microsoft-windows-sk4-app-notification-success-412 |
| json-431 |
microsoft-evadfs-sk4-app-notification-success-431 |
| json-4608 |
microsoft-windows-sk4-endpoint-start-success-4806 |
| json-4610 |
microsoft-windows-sk4-dll-load-success-4610 |
| json-4611 |
microsoft-evsecurity-json-endpoint-notification-4611 |
| json-4614 |
microsoft-evsecurity-sk4-dll-load-success-4614 |
| json-4622 |
microsoft-evsecurity-sk4-service-create-success-4622 |
| json-4622-1 |
microsoft-evsecurity-json-service-create-success-4622 |
| json-4624 |
microsoft-evsecurity-json-endpoint-login-success-4624 |
| json-4624-1 |
microsoft-evsecurity-json-endpoint-login-success-4624-4 |
| json-4624-2 |
microsoft-evsecurity-json-endpoint-login-success-4624-2 |
| json-4625 |
microsoft-evsecurity-json-endpoint-login-fail-4625 |
| json-4625-1 |
microsoft-evsecurity-json-endpoint-login-fail-4625-3 |
| json-4625-2 |
microsoft-evsecurity-json-endpoint-login-fail-4625-2 |
| json-4627 |
microsoft-evsecurity-json-endpoint-notification-4627 |
| json-4634 |
microsoft-evsecurity-json-endpoint-logout-4634 |
| json-4634-1 |
microsoft-evsecurity-json-endpoint-logout-success-4634 |
| json-4634-2 |
microsoft-evsecurity-json-endpoint-logout-success-4634-1 |
| json-4634-3 |
microsoft-evsecurity-sk4-endpoint-logout-success-anaccountwasloggedoff-1 |
| json-4634-4 |
microsoft-evsecurity-json-endpoint-logout-4634-2 |
| json-4647-1 |
microsoft-evsecurity-json-endpoint-endpoint-logout-success-userinitiatedlogoff |
| json-4647-2 |
microsoft-evsecurity-json-endpoint-logout-4647 |
| json-4648 |
microsoft-evsecurity-json-user-switch-success-4648 |
| json-4648-1 |
microsoft-evsecurity-json-endpoint-login-success-4648 |
| json-4648-2 |
microsoft-evsecurity-json-endpoint-login-success-4648-2 |
| json-4653 |
microsoft-evsecurity-json-network-session-fail-4653 |
| json-4656 |
microsoft-evsecurity-cef-handle-request-success-4656 |
| json-4656-1 |
microsoft-evsecurity-json-handle-request-4656 |
| json-4659 |
microsoft-evsecurity-json-handle-request-success-4659 |
| json-4660 |
microsoft-evsecurity-json-endpoint-activity-4660 |
| json-4662 |
microsoft-evsecurity-json-ds-object-activity-success-4662 |
| json-4662-1 |
microsoft-evsecurity-json-ds-object-activity-success-4662-1 |
| json-4670 |
microsoft-evsecurity-json-file-permission-modify-4670 |
| json-4670-1 |
microsoft-evsecurity-json-file-permission-modify-4670-2 |
| json-4670-2 |
microsoft-evsecurity-json-file-permission-modify-4670-1 |
| json-4672 |
microsoft-evsecurity-json-user-privilege-assign-success-4672 |
| json-4672-1 |
microsoft-evsecurity-sk4-user-privilege-assign-success-4672 |
| json-4672-2 |
microsoft-evsecurity-sk4-user-privilege-use-success-4672 |
| json-4673 |
microsoft-evsecurity-json-user-privilege-assign-success-4673 |
| json-4673-1 |
microsoft-evsecurity-sk4-user-privilege-assign-success-4673 |
| json-4673-2 |
microsoft-evsecurity-json-user-privilege-assign-success-4673-1 |
| json-4674 |
microsoft-evsecurity-json-user-privilege-use-success-4674 |
| json-4690 |
microsoft-evsecurity-json-handle-copy-4690 |
| json-4698 |
microsoft-evsecurity-json-scheduled-task-create-success-4698 |
| json-4702 |
microsoft-evsecurity-json-scheduled-task-modify-4702 |
| json-4719 |
microsoft-evsecurity-json-audit-policy-modify-success-4719 |
| json-4720 |
microsoft-evsecurity-json-user-create-success-4720-4 |
| json-4720-1 |
microsoft-evsecurity-json-user-create-success-4720-2 |
| json-4722 |
microsoft-evsecurity-json-user-enable-success-4722-2 |
| json-4723 |
microsoft-evsecurity-json-user-password-modify-4723 |
| json-4723-1 |
microsoft-evsecurity-sk4-user-password-modify-4723 |
| json-4723-2 |
microsoft-evsecurity-json-user-password-modify-4723-2 |
| json-4724 |
microsoft-evsecurity-json-user-password-reset-success-4724-3 |
| json-4724-1 |
microsoft-evsecurity-json-user-password-reset-success-4724-2 |
| json-4724-2 |
microsoft-evsecurity-sk4-user-password-reset-success-4724 |
| json-4725 |
microsoft-evsecurity-json-user-disable-success-4725-1 |
| json-4726 |
microsoft-evsecurity-json-user-delete-success-4726 |
| json-4728 |
microsoft-evsecurity-json-group-member-add-success-4728 |
| json-4729 |
microsoft-evsecurity-json-group-member-remove-success-4729 |
| json-4737 |
microsoft-evsecurity-json-group-modify-success-4737 |
| json-4738 |
microsoft-evsecurity-json-ds-object-modify-success-4738 |
| json-4738-1 |
microsoft-evsecurity-sk4-ds-object-modify-success-4738 |
| json-4740 |
microsoft-evsecurity-json-user-delete-fail-instanceid |
| json-4740-1 |
microsoft-windows-json-user-lock-success-4740-2 |
| json-4755 |
microsoft-evsecurity-json-group-modify-success-4755 |
| json-4767 |
microsoft-evsecurity-json-user-unlock-success-4767-2 |
| json-4768 |
microsoft-evsecurity-json-endpoint-login-4768 |
| json-4768-1 |
microsoft-evsecurity-json-endpoint-4768-3 |
| json-4768-2 |
microsoft-evsecurity-json-endpoint-login-4768-3 |
| json-4768-3 |
microsoft-evsecurity-json-endpoint-login-4768-2 |
| json-4769 |
microsoft-evsecurity-json-endpoint-login-4769 |
| json-4769-1 |
microsoft-evsecurity-json-endpoint-authentication-sucess-4769-2 |
| json-4769-2 |
microsoft-evsecurity-json-endpoint-login-4769-1 |
| json-4770 |
microsoft-evsecurity-json-endpoint-login-success-4770 |
| json-4771 |
microsoft-evsecurity-json-endpoint-login-fail-4771 |
| json-4776 |
microsoft-evsecurity-json-endpoint-login-4776 |
| json-4776-1 |
microsoft-evsecurity-json-endpoint-login-4776-4 |
| json-4776-2 |
microsoft-evsecurity-json-endpoint-login-4776-3 |
| json-4778 |
microsoft-evsecurity-json-rdp-traffic-success-4778 |
| json-4779 |
microsoft-evsecurity-json-endpoint-logout-success-4779 |
| json-4797 |
microsoft-windows-sk4-endpoint-notification-success-4797 |
| json-4798 |
microsoft-windows-sk4-group-list-success-4798 |
| json-4799 |
microsoft-evsecurity-json-group-member-list-4799 |
| json-4799-1 |
microsoft-evsecurity-sk4-group-member-list-success-4799 |
| json-4800 |
microsoft-evsecurity-json-endpoint-lock-success-4800 |
| json-4800-1 |
microsoft-evsecurity-sk4-endpoint-lock-success-4800 |
| json-4826 |
microsoft-windows-sk4-configuration-load-success-4826 |
| json-4902 |
microsoft-windows-sk4-endpoint-notification-success-4902 |
| json-4904 |
microsoft-evsecurity-sk4-audit-policy-modify-4904 |
| json-4905 |
microsoft-evsecurity-sk4-audit-policy-modify-4905 |
| json-4907 |
microsoft-evsecurity-sk4-audit-policy-modify-success-4907 |
| json-4907-1 |
microsoft-evsecurity-json-audit-policy-modify-4907 |
| json-4985 |
microsoft-evsecurity-json-endpoint-notification-4985 |
| json-500 |
microsoft-windows-sk4-app-notification-success-500 |
| json-501 |
microsoft-windows-sk4-app-notification-success-501 |
| json-5058 |
microsoft-evsecurity-json-file-5058 |
| json-5058-1 |
microsoft-evsecurity-json-file-5058-1 |
| json-5061 |
microsoft-evsecurity-json-key-5061 |
| json-5061-1 |
microsoft-evsecurity-sk4-key-5061 |
| json-5136 |
microsoft-evsecurity-json-ds-object-modify-success-5136 |
| json-5136-1 |
microsoft-evsecurity-sk4-ds-object-modify-success-5136 |
| json-5140 |
microsoft-evsecurity-json-share-access-success-5140 |
| json-5140-1 |
microsoft-evsecurity-sk4-share-access-success-5140-1 |
| json-5140-2 |
microsoft-evsecurity-json-share-access-success-5140-3 |
| json-5145 |
microsoft-evsecurity-json-share-access-5145-1 |
| json-5145-1 |
microsoft-evsecurity-sk4-share-access-success-5145 |
| json-5145-2 |
microsoft-evsecurity-json-share-access-success-5145 |
| json-5156 |
microsoft-evsecurity-json-network-session-success-5156-2 |
| json-5156-1 |
microsoft-evsecurity-json-network-session-success-5156-1 |
| json-5158 |
microsoft-evsecurity-json-network-session-success-5158 |
| json-5186 |
microsoft-evsystem-json-process-close-5186 |
| json-5447 |
microsoft-evsecurity-json-policy-modify-5447 |
| json-5478 |
microsoft-evsecurity-json-service-create-success-5478 |
| json-6272 |
microsoft-evnps-sk4-endpoint-authentication-success-6272 |
| json-6272-1 |
microsoft-evnps-sk4-endpoint-authentication-success-6272-1 |
| json-6273 |
microsoft-nps-sk4-endpoint-authentication-fail-6273 |
| json-6416 |
microsoft-evsecurity-sk4-peripheral_storage-insert-success-6416 |
| json-8001 |
microsoft-windows-sk4-app-notification-success-8001 |
| json-alertlogic-network-alert |
alertlogic-al-json-alert-trigger-success-ids |
| json-auditd-account-switch |
unix-unix-json-user-switch-success-userstart |
| json-auditd-process-creation |
unix-unix-json-process-create-auditd |
| json-azure-ad-security-alert |
microsoft-azureadip-mix-alert-trigger-success-unfamiliarlocation |
| json-azure-ad-security-alert-1 |
microsoft-azureadip-json-alert-trigger-success-impossibletravel |
| json-bluecoat-proxy-web-activity |
symantec-wss-json-http-session-actioncf |
| json-bro-certs-analyzer |
zeek-z-json-network-notification-certificate |
| json-bro-dce_rpc |
zeek-z-json-endpoint-login-success-operation |
| json-bro-dhcp |
zeek-z-json-dhcp-traffic-success-uids |
| json-bro-dhcp-2 |
zeek-z-json-endpoint-login-success-clientaddr |
| json-bro-dns-query |
zeek-z-json-dns-request-success-uid |
| json-bro-dns-query-2 |
zeek-z-json-dns-request-success-dnsrequest |
| json-bro-email-in |
zeek-z-json-email-receive-success-smtp |
| json-bro-files-analysis |
zeek-z-json-file-read-success-fileslog |
| json-bro-files-analysis-2 |
zeek-z-json-file-read-success-txhosts |
| json-bro-kerberos |
zeek-z-json-endpoint-authentication-success-kerberos |
| json-bro-notice |
zeek-zeek-json-network-notification-actionlog |
| json-bro-ntlm |
zeek-z-json-endpoint-login-success-ntlmlog |
| json-bro-smb_mapping |
zeek-z-json-network-traffic-mapping |
| json-bro-snmp |
zeek-z-json-network-traffic-getresponses |
| json-bro-ssl |
zeek-z-json-app-authentication-success-ssllogs |
| json-bro-ssl-failed |
zeek-z-json-endpoint-login-fail-note |
| json-bro-ssl-failed-2 |
zeek-z-json-endpoint-login-fail-resumed |
| json-bro-tls |
zeek-z-json-endpoint-login-success-tls |
| json-bro-web-activity |
zeek-z-json-http-session-status |
| json-bro-weird |
zeek-z-json-alert-trigger-success-weirdlog |
| json-bro-weird-2 |
zeek-z-json-network-traffic-name |
| json-bro-x509 |
zeek-zeek-json-certificate-exchange-certificate |
| json-carbonblack-device-control-security-alert |
vmware-carbonblack-sk4-alert-trigger-success-devicecontrol |
| json-carbonblack-edr-fileless-scriptload |
vmware-carbonblackceedr-json-process-create-success-fileless |
| json-carbonblack-edr-moduleload |
vmware-carbonblackedr-json-dll-load-success-edr |
| json-carbonblack-edr-moduleload-1 |
vmware-carbonblackedr-sk4-dll-load-success-ngav |
| json-carbonblack-edr-netconn |
vmware-carbonblackedr-json-network-traffic-success-edr |
| json-carbonblack-edr-scriptload |
vmware-carbonblackceedr-json-process-create-success-scriptload |
| json-carbonblack-ngav-apicall |
vmware-carbonblackedr-json-endpoint-activity-success-epapicall |
| json-carbonblack-ngav-crossproc |
vmware-carbonblack-json-process-create-success-crossproc |
| json-carbonblack-ngav-filemod |
vmware-carbonblack-json-file-write-success-filemod |
| json-carbonblack-ngav-netconn |
vmware-carbonblack-json-network-traffic-success-ngav |
| json-carbonblack-ngav-procstart |
vmware-carbonblack-json-process-create-success-procstart |
| json-carbonblack-ngav-regmod |
vmware-carbonblack-json-registry-create-success-ngav |
| json-ccure-badge-access |
tyco-ccure-json-physical-location-access-fail-doorname |
| json-ccure-badge-access-2 |
tyco-ccure-json-physical-location-access-success-user |
| json-checkpoint-system-info |
checkpoint-am-kv-app-activity-antimalware-1 |
| json-cisco-cloudlock-dlp |
cisco-cloudlock-json-alert-trigger-success-entityowneremail |
| json-cisco-firesight-alert-1 |
cisco-fp-json-alert-trigger-success-malwareeventtype |
| json-cisco-netflow-connection |
cisco-netflow-json-network-traffic-success-90 |
| json-cisco-netflow-connection-1 |
cisco-netflow-kv-network-traffic-success-networkflow |
| json-cyberark-app-activity |
cyberark-epm-json-file-property-modify-filechangeevent |
| json-cyberark-app-activity-1 |
cyberark-epm-json-app-activity-success-policyauditevent |
| json-cyberark-app-activity-2 |
cyberark-epm-json-app-activity-success-zerotouchevent |
| json-cyberark-privileged-object-access |
cyberark-epm-json-user-privilege-use-success-setname |
| json-cybereason-security-alert |
cybereason-cr-json-alert-trigger-success-affectedusers |
| json-defender-alert-evidence |
microsoft-365defender-json-alert-trigger-success-publish |
| json-defender-alert-info |
microsoft-365defender-json-alert-trigger-success-publish-1 |
| json-defender-atp-alert |
microsoft-defenderep-json-alert-trigger-success-devicealertevents |
| json-defender-email-attachment-info |
microsoft-o365-json-email-send-fail-advancedhunting |
| json-defender-email-events |
microsoft-o365-json-email-send-fail-publish |
| json-dell-file-operations |
dell-emcisilon-json-file-write-success-create |
| json-duo-auth-attempt |
cisco-duo-json-endpoint-authentication-authfailed |
| json-email-saas-o365-alert |
microsoft-o365-json-email-send-success-messagetrace |
| json-exchange-dlp-email-in |
microsoft-exchange-json-email-receive-incoming |
| json-exchange-dlp-email-out |
microsoft-exchange-json-email-send-originating |
| json-exchange-email |
microsoft-exchange-json-email-success-5290 |
| json-exchange-scanmail-alert |
trendmicro-scanmail-json-alert-trigger-success-wineventlog |
| json-eyeinspect-failed-logon |
forescout-eyeinspect-json-endpoint-login-fail-failedlogin |
| json-eyeinspect-logout |
forescout-eyeinspect-json-app-logout-success-clientip |
| json-f5-auth-attempt |
f5-apm-json-endpoint-login-0149 |
| json-fireeye-alert-endpoint |
fireeye-nshelix-json-alert-trigger-success-rule |
| json-fireeye-alert-network |
fireeye-nshelix-json-alert-trigger-success-fireeyerule |
| json-github-app-activity |
github-g-json-app-activity-success-namespaceid |
| json-hmail-email-alert |
hmail-hmailserver-json-app-activity-winhmailserver |
| json-iptables-network-connection |
iptables-fw-json-network-traffic-fwiptable |
| json-irondefense-network-alert |
ironnet-id-json-alert-trigger-success-irondefense |
| json-lenel-badge-access |
lenel-og-json-physical-location-access-badgeid |
| json-malwarebytes-web-activity-denied |
malwarebytes-ep-sk4-http-session-fail-blocked |
| json-mcafee-epo-alert |
mcafee-es-json-alert-trigger-success-threatcategory |
| json-mcafee-epo-alert-1 |
mcafee-es-json-alert-trigger-success-avdetect |
| json-mcafee-epo-alert-2 |
mcafee-es-sk4-alert-trigger-success-analyzername |
| json-member-added-2008 |
microsoft-evsecurity-json-group-member-add-success-memberadded |
| json-member-removed |
microsoft-evsecurity-json-group-member-remove-memberremoved |
| json-microsoft-app-activity-1 |
microsoft-o365-sk4-app-file-success-group |
| json-microsoft-app-activity-10 |
microsoft-o365-sk4-app-file-success-userdelete |
| json-microsoft-app-activity-11 |
microsoft-o365-sk4-app-file-success-userrestore |
| json-microsoft-app-activity-12 |
microsoft-o365-sk4-app-file-success-userupdate |
| json-microsoft-app-activity-17 |
microsoft-o365-sk4-file-write-success-filemodified |
| json-microsoft-app-activity-19 |
microsoft-o365-sk4-file-delete-success-filedeleted |
| json-microsoft-app-activity-2 |
microsoft-o365-sk4-app-file-success-groupadd |
| json-microsoft-app-activity-31 |
microsoft-o365-sk4-app-file-success-deviceupdate |
| json-microsoft-app-activity-32 |
microsoft-o365-json-app-activity-success-labelupdated |
| json-microsoft-app-activity-5 |
microsoft-o365-sk4-app-file-success-groupunassign |
| json-microsoft-app-activity-6 |
microsoft-o365-sk4-app-file-success-groupupdate |
| json-microsoft-app-activity-8 |
microsoft-o365-sk4-file-download-success-group |
| json-microsoft-app-activity-9 |
microsoft-o365-sk4-app-file-success-useradd |
| json-microsoft-dns-query |
microsoft-evdnsserver-json-dns-request-success-qname |
| json-microsoft-mcas-anomaly |
microsoft-mcas-json-alert-trigger-success-anomalydetection |
| json-microsoft-mcas-anubis |
microsoft-mcas-json-alert-trigger-success-alertanubisdetection |
| json-microsoft-mcas-cabinet |
microsoft-mcas-json-alert-trigger-success-alertcabinet |
| json-microsoft-o365-alert |
microsoft-m365auditlogs-json-alert-trigger-supervision |
| json-microsoft-o365-alert-1 |
microsoft-m365auditlogs-json-alert-trigger-threatmanagement |
| json-microsoft-o365-alert-10 |
microsoft-azureadip-json-alert-trigger-success-infecteddevicelogin |
| json-microsoft-o365-alert-11 |
microsoft-defenderep-json-alert-trigger-success-initialaccess-1 |
| json-microsoft-o365-alert-12 |
microsoft-mcas-json-alert-trigger-success-alertanubisdetectionnewcountry |
| json-microsoft-o365-alert-13 |
microsoft-mcas-json-alert-trigger-success-failedloginattempt |
| json-microsoft-o365-alert-14 |
microsoft-mcas-json-alert-trigger-success-riskyipanonymous |
| json-microsoft-o365-alert-15 |
microsoft-mcas-json-alert-trigger-success-emaildetection |
| json-microsoft-o365-alert-16 |
microsoft-mcas-json-alert-trigger-success-cabinetapppermission |
| json-microsoft-o365-alert-17 |
microsoft-mcas-json-alert-trigger-success-managementgeneric |
| json-microsoft-o365-alert-18 |
microsoft-defenderep-json-alert-trigger-success-suspactivity |
| json-microsoft-o365-alert-19 |
microsoft-defenderep-mix-alert-trigger-success-unwantedsoftware |
| json-microsoft-o365-alert-2 |
microsoft-azureadip-json-alert-trigger-success-anonymouslogin |
| json-microsoft-o365-alert-20 |
microsoft-azureadip-json-alert-trigger-success-leakedcredentials |
| json-microsoft-o365-alert-21 |
microsoft-m365auditlogs-json-app-notification-mailflow |
| json-microsoft-o365-alert-22 |
microsoft-m365auditlogs-json-alert-trigger-datalossprevention |
| json-microsoft-o365-alert-23 |
microsoft-m365auditlogs-json-alert-trigger-accessgovernance |
| json-microsoft-o365-alert-24 |
microsoft-o365-sk4-alert-trigger-threatmanagement |
| json-microsoft-o365-alert-25 |
microsoft-m365auditlogs-sk4-alert-trigger-accessgovernance |
| json-microsoft-o365-alert-26 |
microsoft-365defender-sk4-alert-trigger-success-execution |
| json-microsoft-o365-alert-3 |
microsoft-defenderep-json-alert-trigger-success-commandandcontrol |
| json-microsoft-o365-alert-4 |
microsoft-defenderep-json-alert-trigger-success-credentialaccess |
| json-microsoft-o365-alert-5 |
microsoft-defenderep-mix-alert-trigger-success-credentialaccess |
| json-microsoft-o365-alert-6 |
microsoft-defenderep-json-alert-trigger-success-defenseevasion |
| json-microsoft-o365-alert-7 |
microsoft-defenderep-json-alert-trigger-success-defenseevasion-1 |
| json-microsoft-o365-alert-8 |
microsoft-defenderep-json-alert-trigger-success-execution |
| json-microsoft-o365-alert-9 |
microsoft-defenderep-json-alert-trigger-success-impact |
| json-microsoft-o365-file-alert |
microsoft-m365auditlogs-json-alert-trigger-datagovernance |
| json-microsoft-o365-file-alert-1 |
microsoft-m365auditlogs-sk4-alert-trigger-datagovernance |
| json-microsoft-scep-epp-alert |
microsoft-defenderep-json-alert-trigger-success-trojanprocess |
| json-mwg-web-activity |
mcafee-wg-json-http-session-amwprobability |
| json-netskope-app-activity-17 |
netskope-sc-json-app-activity-success-upload |
| json-netskope-app-activity-18 |
netskope-sc-json-app-activity-success-share |
| json-netskope-app-login |
netskope-sc-json-app-login-success-loginsuccessful |
| json-netskope-failed-app-login |
netskope-sc-json-app-login-fail-loginfailed |
| json-o365-activity-2 |
microsoft-m365auditlogs-json-app-activity-appactivity |
| json-o365-activity-3 |
microsoft-o365-sk4-file-app-userkey |
| json-o365-app-login |
microsoft-o365-sk4-app-login-success-loggedin |
| json-o365-dlp-email |
"microsoft-o365-json-email-send-receive-subject |
| json-o365-failed-app-login |
microsoft-o365-sk4-app-login-fail-appdisplayname |
| json-o365-file-write-7 |
microsoft-o365-sk4-file-write-success-fileuploaded |
| json-okta-account-lockout |
okta-amfa-json-user-lock-success-lockedout |
| json-okta-app-login |
okta-amfa-cef-app-login-success-appadloginsuccess |
| json-okta-app-login-1 |
okta-amfa-cef-app-login-success-coreuserauthloginsuccess |
| json-okta-authentication-failed-3 |
okta-amfg-cef-endpoint-login-fail-auth |
| json-okta-authentication-failed-4 |
okta-amfg-cef-endpoint-login-fail-invalidtoken |
| json-okta-authentication-failed-5 |
okta-amfg-cef-endpoint-login-fail-attemptfail |
| json-okta-authentication-success |
okta-amfg-cef-endpoint-login-success-attemptsuccess |
| json-okta-failed-app-login-1 |
okta-amfa-json-app-login-fail-signinfailed |
| json-okta-failed-app-login-2 |
okta-amfa-json-app-login-fail-factor |
| json-okta-failed-app-login-3 |
okta-amfa-json-app-login-fail-policy |
| json-okta-failed-app-login-4 |
okta-amfa-cef-app-login-fail-appadloginbadpassword |
| json-okta-failed-app-login-5 |
okta-amfa-cef-app-login-fail-apprichclientloginfailure |
| json-okta-failed-app-login-6 |
okta-amfa-cef-app-login-fail-coreuserauthloginfailed |
| json-okta-member-added |
okta-amfa-json-group-member-add-success-active |
| json-okta-security-alert |
okta-amfa-cef-alert-trigger-success-threatdetected |
| json-okta-system-info |
okta-amfa-json-user-password-forget-recovery |
| json-okta-system-info-1 |
okta-amfa-json-user-password-expire-provider |
| json-paloalto-firewall-traffic-drop |
pan-ngfw-json-network-traffic-fail-deny-1 |
| json-paloalto-ngfw-network-connection |
pan-ngfw-json-network-traffic-start |
| json-pan-file-alert |
pan-ngfw-json-alert-trigger-success-file |
| json-pan-system-general |
pan-ngfw-json-app-activity-success-subtype |
| json-pan-system-hipmatch |
pan-ngfw-json-alert-trigger-success-hipmatch |
| json-pan-system-userid |
pan-ngfw-json-app-notification-success-userid |
| json-pan-system-vpn |
pan-ngfw-json-vpn-authentication-success-subtypevpn |
| json-ping-id-auth-failed |
pingidentity-pi-json-app-authentication-fail-triggeredby |
| json-ping-id-auth-failed-1 |
pingidentity-pi-json-app-authentication-fail-applicationmsg |
| json-ping-id-auth-failed-2 |
pingidentity-pi-json-app-authentication-fail-ping |
| json-prisma-security-alert |
pan-prisma-json-alert-trigger-success-prismacloud |
| json-process-created |
microsoft-evsecurity-json-process-create-success-4688 |
| json-process-created-1 |
microsoft-evsecurity-json-process-create-success-4688-1 |
| json-process-created-2 |
microsoft-evsecurity-json-process-create-success-4688-2 |
| json-s-proofpoint-email-alert-2 |
"proofpoint-tap-json-email-receive-fail-threat |
| json-sentinelone-app-activity |
sentinelone-singularityp-json-group-create-success-groupcreation |
| json-sentinelone-config-change |
sentinelone-singularityp-json-dll-load-success-module |
| json-sentinelone-driver-load |
sentinelone-singularityp-json-driver-load-success-driverload |
| json-sentinelone-process-alert |
sentinelone-singularityp-json-alert-trigger-success-behavioralindicators |
| json-sentinelone-process-created |
sentinelone-singularityp-json-process-create-success-processcreation |
| json-sentinelone-registry-write |
sentinelone-singularityp-json-registry-modify-success-valuemodifies |
| json-sentinelone-registry-write-1 |
sentinelone-singularityp-json-registry-create-success-valuecreate |
| json-sentinelone-registry-write-2 |
sentinelone-singularityp-json-registry-create-success-keycreate |
| json-sentinelone-registry-write-3 |
sentinelone-singularityp-json-registry-modify-success-keysecuritychanges |
| json-sentinelone-security-alert |
sentinelone-singularityp-json-alert-trigger-success-processachieved |
| json-sentinelone-singularityp-alert |
sentinelone-singularityp-json-alert-trigger-success-ip |
| json-sentinelone-singularityp-alert-1 |
sentinelone-singularityp-json-alert-trigger-success-dnsresolved |
| json-sentinelone-singularityp-alert-2 |
sentinelone-singularityp-json-alert-trigger-success-indicators |
| json-sentinelone-singularityp-file |
sentinelone-singularityp-json-file-edreventcategory |
| json-sentinelone-singularityp-process-created-1 |
sentinelone-singularityp-json-process-create-success-process |
| json-sentinelone-singularityp-process-network |
sentinelone-singularityp-json-network-session-success-iplisten |
| json-sentinelone-system-alert |
sentinelone-singularityp-json-registry-delete-success-valuedelete |
| json-sentinelone-system-alert-1 |
sentinelone-singularityp-json-registry-delete-success-keydelete |
| json-sentinelone-system-event |
sentinelone-singularityp-json-handle-open-success-openremoteprocesshandle |
| json-sentinelone-system-event-1 |
sentinelone-singularityp-json-handle-copy-success-duplicateprocesshandle |
| json-sentinelone-system-info |
sentinelone-singularityp-json-script-execute-success-commandscript |
| json-sentinelone-threat-file-delete |
sentinelone-singularityp-json-file-delete-success-deletionfile |
| json-sentinelone-threat-file-write |
sentinelone-singularityp-json-file-write-success-filemodify |
| json-sentinelone-threat-file-write-2 |
sentinelone-singularityp-json-file-write-success-filecreation-1 |
| json-sentinelone-threat-network-connection |
sentinelone-singularityp-json-network-traffic-success-ipconnect |
| json-sybase-db-access |
sybase-s-json-database-activity-success-accesstodb |
| json-sybase-db-access-1 |
sybase-s-json-database-activity-success-eventdesc |
| json-sybase-db-login |
sybase-s-json-database-login-success-login |
| json-sybase-db-logout |
sybase-s-json-database-logout-logout |
| json-sybase-db-query-create |
sybase-s-json-database-query-success-createtable |
| json-sybase-db-query-delete |
sybase-s-json-database-query-success-deletetable |
| json-sybase-db-query-insert |
sybase-s-json-database-query-success-inserttable |
| json-sybase-db-query-select |
sybase-s-json-database-query-success-selecttable |
| json-sybase-db-query-update |
sybase-s-json-database-query-success-updatetable |
| json-sysmon-config-change |
microsoft-sysmon-json-driver-load-6 |
| json-sysmon-file-create |
microsoft-sysmon-json-file-write-success-11 |
| json-sysmon-file-create-1 |
microsoft-sysmon-json-file-write-success-2 |
| json-sysmon-process-created |
microsoft-sysmon-json-process-create-success-processcreate |
| json-sysmon-process-created-1 |
microsoft-sysmon-json-process-create-success-createremotethread |
| json-sysmon-process-network |
microsoft-sysmon-json-network-session-success-netconn |
| json-sysmon-process-terminated |
microsoft-sysmon-json-process-close-terminated |
| json-unix-ssh-login-failed |
unix-unix-json-endpoint-login-fail-failed |
| json-unix-ssh-logout |
unix-unix-sk4-endpoint-logout-success-disconnectedbyuser |
| json-unix-ssh-logout-1 |
unix-unix-sk4-endpoint-logout-success-connectionclosed |
| json-windows-auth |
microsoft-windows-json-endpoint-login-authentication |
| json-windows-dns-query |
microsoft-windows-json-dns-request-success-windns |
| json-windows-dns-response |
microsoft-windows-json-dns-response-success-logtype |
| json-windows-events-catchall |
microsoft-evsecurity-json-endpoint-activity-auditing |
| json-windows-events-netlogon |
"microsoft-evsystem-xml-endpoint-login-fail-5805 |
| json-windows-heartbeat-system-info |
microsoft-windows-sk4-app-notification-success-heartbeat |
| json-windows-system-event |
microsoft-evsecurity-sk4-endpoint-activity-success-microsoftwindowssecurityauditing |
| json-windows-vpn-login |
microsoft-windows-json-vpn-login-virtualserver |
| json-xml-4658 |
"microsoft-evsecurity-mix-handle-close-4658 |
| json-xml-4673 |
microsoft-evsecurity-json-user-privilege-use-success-4673 |
| json-xml-4717 |
"microsoft-evsecurity-cef-user-modify-4717 |
| json-xml-4718 |
"microsoft-evsecurity-cef-user-permission-modify-4718 |
| json-xml-4735 |
"microsoft-evsecurity-xml-group-modify-success-4735-2 |
| json-xml-4768 |
"microsoft-evsecurity-xml-endpoint-4768 |
| json-xml-4769 |
microsoft-evsecurity-mix-endpoint-login-4769-2 |
| json-xml-4770 |
microsoft-evsecurity-mix-endpoint-login-4770-1 |
| json-xml-4771 |
"microsoft-evsecurity-xml-endpoint-login-fail-4771-1 |
| json-xml-4798 |
"microsoft-evsecurity-xml-group-list-4798-2 |
| json-xml-4799 |
"microsoft-evsecurity-xml-group-member-list-4799 |
| json-xml-4904 |
"microsoft-evsecurity-xml-audit-policy-modify-4904-1 |
| json-xml-4905 |
"microsoft-evsecurity-xml-audit-policy-modify-4905-1 |
| json-xml-5058 |
"microsoft-evsecurity-mix-file-5058 |
| json-xml-5058-1 |
"microsoft-evsecurity-cef-file-5058 |
| json-xml-5059 |
"microsoft-evsecurity-mix-key-migrate-5059-1 |
| json-xml-5059-1 |
"microsoft-evsecurity-mix-key-migrate-5059 |
| json-xml-5061 |
"microsoft-evsecurity-mix-key-5061 |
| json-xml-5061-1 |
"microsoft-evsecurity-cef-key-5061 |
| json-xml-5140 |
"microsoft-evsecurity-json-share-access-success-5140-2 |
| json-xml-5141 |
microsoft-evsecurity-xml-ds-object-delete-success-5141-1 |
| json-xml-5152 |
"microsoft-evsecurity-mix-network-traffic-fail-5152-1 |
| json-xml-5156 |
"microsoft-evsecurity-xml-network-session-success-5156-1 |
| json-xml-5157 |
"microsoft-evsecurity-xml-network-session-fail-5157-1 |
| json-xml-5158 |
"microsoft-evsecurity-xml-network-session-success-5158-1 |
| json-xml-8002 |
"microsoft-evapplocker-cef-endpoint-notification-8002 |
| json-zeek-app-activity |
zeek-zeek-json-app-notification-software |
| json-zeek-kerberos |
zeek-z-json-endpoint-login-zeek_kerberos |
| json-zeek-known-services |
zeek-z-json-network-notification-knownservices |
| json-zeek-network-connection |
zeek-z-json-network-traffic-success-pathsnmp |
| json-zeek-network-connection-1 |
zeek-z-json-network-traffic-success-http |
| json-zeek-network-connection-2 |
zeek-z-json-network-traffic-success-dpd |
| json-zeek-network-info |
zeek-zeek-json-network-notification-dnstunnels |
| json-zeek-notice |
zeek-z-json-alert-trigger-notice |
| json-zeek-ntp |
zeek-z-json-network-traffic-ntp |
| json-zeek-sip |
zeek-z-json-network-traffic-sip |
| json-zeek-snmp |
zeek-z-json-network-traffic-snmp |
| json-zeek-x509 |
zeek-z-json-network-notification-x509 |
| json-zeek_dce_rpc |
zeek-z-json-endpoint-login-success-endpointlogin |
| json-zeek_dhcp |
zeek-z-json-endpoint-login-success-discover |
| json-zeek_dns |
zeek-z-json-dns-request-success-zeekdns |
| json-zeek_files |
zeek-z-json-file-read-success-analyzers |
| json-zeek_http |
zeek-z-json-http-session-zeekhttp |
| json-zeek_ntlm |
zeek-z-json-endpoint-login-success-resp |
| json-zeek_ssl |
zeek-z-json-app-authentication-success-zeekssl |
| json-zeek_weird |
zeek-z-json-alert-trigger-success-ip |
| jsonar-database-login |
jsonar-sonarg-json-database-login-success-sonarw |
| jsonar-database-login-1 |
jsonar-sonarg-leef-database-login-success-logout |
| jun-flow-mcast-rpf-fail |
juniper-srx-kv-network-notification-flowmcastrpffail |
| jun-network-connection |
juniper-srx-kv-network-session-netscreen |
| jun-rt-alg-ntc-fsm-drop |
juniper-srx-kv-network-notification-rtalgntcfsmdrop |
| jun-rt-alg-ntc-parse-err |
juniper-srx-kv-app-notification-rtalgntcparseerr |
| jun-rt-alg-wrn-cfg-need |
juniper-srx-kv-app-notification-rtalgwrncfgneed |
| jun-system-info |
juniper-srx-str-app-activity-netscreen-1 |
| jun-ui-login-event |
juniper-srx-kv-endpoint-login-success-uiloginevent |
| juniper-access-control |
"juniper-ps-str-vpn-login-success-login-1 |
| juniper-auth-failed |
juniper-jn-kv-endpoint-authentication-fail-authfailure |
| juniper-commit-events |
juniper-jn-str-configuration-modify-success-mgd |
| juniper-failed-login |
juniper-jn-kv-app-login-fail-sshdloginfailed |
| juniper-firewall-auth-successful |
juniper-srx-str-app-authentication-success-authsuccessfor |
| juniper-firewall-auth-successful-1 |
juniper-srx-str-app-login-success-loggedon |
| juniper-firewall-logout |
juniper-srx-str-app-logout-success-logout |
| juniper-firewall-network-connection-close |
juniper-jn-kv-network-close-rtflowsessionclose |
| juniper-firewall-network-connection-close-1 |
juniper-srx-str-network-session-fail-sessionclosed |
| juniper-firewall-network-connection-create |
juniper-srx-kv-network-session-success-sessioncreate |
| juniper-firewall-network-connection-create-2 |
juniper-srx-str-network-session-success-sessioncreate |
| juniper-firewall-network-connection-deny |
juniper-srx-kv-network-session-fail-sessiondeny |
| juniper-firewall-network-connection-deny-2 |
juniper-srx-str-network-session-fail-sessiondeny |
| juniper-firewall-network-connection-failed |
juniper-srx-kv-network-traffic-fail-actiondeny |
| juniper-firewall-network-connection-successful |
juniper-srx-kv-network-traffic-success-actionpermit |
| juniper-firewall-session-creation |
juniper-srx-str-network-traffic-success-sessioncreated |
| juniper-firewall-system-info |
juniper-srx-str-app-activity-netscreen |
| juniper-network-alert-1 |
juniper-jn-kv-alert-trigger-success-idpattacklogevent |
| juniper-network-alert-2 |
juniper-srx-cef-alert-trigger-success-inpolicy |
| juniper-network-connection |
juniper-jn-kv-network-session-success-connection |
| juniper-network-connection-1 |
juniper-jn-sk4-network-start-success-rtflowsessioncreate |
| juniper-network-connection-2 |
juniper-jn-sk4-network-close-success-rtflowsessionclose |
| juniper-network-connection-3 |
juniper-jn-sk4-network-session-fail-rtflowsessiondeny |
| juniper-network-vpn-connection |
juniper-ps-str-vpn-authentication-unauthenticatedrequest |
| juniper-nwc-vpn-end |
juniper-ps-kv-vpn-logout-success-juniper |
| juniper-nwc-vpn-start |
juniper-ps-kv-vpn-login-success-23464 |
| juniper-owa |
juniper-ps-kv-app-login-success-loginsuccess |
| juniper-process-created-1 |
juniper-jn-str-process-create-success-user |
| juniper-process-created-2 |
juniper-jn-str-process-create-success-client |
| juniper-security-alert |
juniper-srx-kv-alert-trigger-success-avvirusdetected |
| juniper-vpn-close |
"juniper-ps-kv-vpn-logout-success-closed |
| juniper-web-activity-1 |
juniper-ps-str-http-session-success-request-1 |
| juniper-web-activity-2 |
juniper-ps-str-http-session-success-request |
| juniper-web-activity-3 |
juniper-ps-str-http-session-success-request-2 |
| junos-ids-network-connection |
juniper-srx-kv-app-activity-drop |