| o365-activity-1 |
"microsoft-o365-xml-file-write-success-mailboxpermission |
| o365-activity-2 |
microsoft-o365-sk4-app-activity-appactivity |
| o365-activity-3 |
microsoft-o365-sk4-app-file-workload |
| o365-alert-1 |
microsoft-azureadip-cef-alert-trigger-success-logininfected |
| o365-app-login |
microsoft-o365-sk4-app-login-success-snowflake |
| o365-app-login-1 |
microsoft-o365-json-app-login-success-userloggedin |
| o365-dlp-alert |
microsoft-o365-json-alert-trigger-success-dlprulematch |
| o365-dlp-alert-1 |
microsoft-o365-json-alert-trigger-success-rulename |
| o365-dlp-email-out-1 |
microsoft-o365-cef-email-send-workload |
| o365-dlp-email-out-2 |
microsoft-o365-cef-email-send-sendas |
| o365-dlp-policy-alert |
microsoft-o365-json-alert-trigger-success-moplabel |
| o365-dlp-rule-undo-activity |
microsoft-o365-sk4-app-activity-success-dlpruleundo |
| o365-email-alert |
microsoft-o365-kv-email-delivered |
| o365-failed-app-login |
microsoft-o365-sk4-app-login-fail-snowflake |
| o365-inbox-activity |
microsoft-o365-cef-app-activity-success-addmailboxpermission |
| o365-inbox-rules |
microsoft-o365-sk4-app-activity-delivertomailboxandforward |
| o365-inbox-rules-2 |
microsoft-o365-sk4-app-activity-success-sentmailbox |
| o365-inbox-rules-all |
microsoft-o365-sk4-app-activity-success-newinboxrule |
| o365-inbox-rules-all-2 |
microsoft-o365-sk4-app-activity-success-setinboxrule |
| o365-inbox-rules-forward-to |
microsoft-o365-sk4-app-activity-success-forwardto |
| o365-inbox-rules-forward-to-1 |
microsoft-o365-sk4-app-activity-success-forward |
| o365-inbox-rules-forward-to-2 |
microsoft-o365-json-app-activity-success-updateinboxrules |
| o365-inbox-rules-move-to-folder |
microsoft-o365-sk4-app-activity-success-movetofolder |
| o365-mal-url-click |
microsoft-o365-sk4-alert-trigger-success-securitycompliance |
| o365-malware-alert |
microsoft-o365-sk4-alert-trigger-success-malwareindata |
| o365-mip-label-activity |
microsoft-o365-json-app-activity-success-operation |
| o365-onedrive-app-activity |
microsoft-o365-csv-app-activity-success-onedrive |
| o365-phishing-alert |
microsoft-o365-json-email-send-receive-internentmessageid |
| o365-powerbi-activity |
microsoft-o365-json-app-activity-success-powerbi |
| o365-search-data-4 |
microsoft-o365-mix-app-activity-success-securitycompliancecenter |
| o365-security-alert |
microsoft-o365-cef-alert-trigger-success-alerttriggerd |
| o365-security-alert-1 |
microsoft-o365-json-alert-trigger-success-anonymouslogin |
| o365-security-alert-2 |
microsoft-o365-json-alert-trigger-success-securitythreatdetected |
| o365-security-alert-3 |
microsoft-o365-json-alert-trigger-success-securitythreatdetected-1 |
| o365-sharepoint-activity |
microsoft-o365-mix-file-success-workload |
| o365-sharepoint-app-activity |
microsoft-o365-csv-file-success-sharepoint |
| o365-signin-alert |
microsoft-o365-cef-alert-trigger-success-anonymousipriskevent |
| o365-teams-activity-1 |
microsoft-o365-mix-app-activity-success-microsoftteams |
| o365-teams-app-login |
microsoft-o365-mix-app-login-success-teamssessionstarted |
| o365-url-click-alert |
microsoft-o365-sk4-alert-trigger-success-urlclicked |
| o365-usb-write |
microsoft-o365-sk4-file-write-success-filecreatedonremovablemedia |
| observeit-alerts |
observeit-o-kv-alert-trigger-success-alerts |
| observeit-app-activity |
proofpoint-o-json-app-activity-sessionurl |
| observeit-audit-logins |
observeit-o-kv-app-login-auditlogins |
| observeit-dba-activity |
observeit-o-kv-database-activity-success-dbactivity |
| observeit-dlp-alert-1 |
proofpoint-observeit-json-alert-trigger-success-dataexfiltration |
| observeit-dlp-alert-2 |
proofpoint-observeit-json-alert-trigger-success-datainfiltration |
| observeit-security-alert-1 |
proofpoint-observeit-json-alert-trigger-success-truedigital |
| observeit-security-alert-2 |
proofpoint-observeit-json-alert-trigger-success-high |
| observeit-security-alert-3 |
proofpoint-o-json-alert-trigger-sessionurl |
| observeit-sessions |
observeit-o-kv-endpoint-login-success-observeitsessions |
| observeit-useractivity |
observeit-o-kv-process-create-success-useractivity |
| okta-account-creation |
okta-amfa-json-user-create-success-usercreation |
| okta-account-enabled |
okta-amfa-json-user-enable-success-published |
| okta-account-password-change |
okta-amfa-sk4-user-password-modify-success-passwordupdate |
| okta-app-activity |
okta-amfa-json-app-activity-published |
| okta-app-activity-1 |
okta-amfa-sk4-app-published |
| okta-app-activity-ad |
okta-amfa-json-app-activity-success-appgroup |
| okta-app-login |
okta-amfa-sk4-app-login-success-signin |
| okta-app-login-1 |
okta-amfa-json-app-login-success-startnewsession |
| okta-failed-app-login |
okta-amfa-csv-app-login-fail-signfailed |
| okta-member-removed |
okta-amfa-sk4-group-member-remove-success-groupmembership |
| onapsis-db-op |
onapsis-o-kv-database-modify-success-dbactivity |
| onapsis-system-event |
onapsis-o-json-app-notification-usermaintenance |
| onapsis-system-event-1 |
onapsis-o-json-alert-trigger-erphost |
| onapsis-system-event-2 |
onapsis-o-json-app-notification-logline |
| onapsis-system-event-3 |
onapsis-o-str-app-activity-satori |
| onelogin-app-activity |
onelogin-o-kv-app-login-3005 |
| onespan-failed-logon |
onespan-osign-kv-endpoint-login-fail-ikeyserver |
| onewelcome-authentication-failed |
onewelcome-ocip-json-app-authentication-fail-430102 |
| onewelcome-authentication-failed-1 |
onewelcome-ocip-json-app-authentication-fail-130001 |
| onewelcome-authentication-failed-2 |
onewelcome-ocip-json-app-authentication-fail-430101 |
| onewelcome-authentication-failed-3 |
onewelcome-ocip-json-app-authentication-fail-130104 |
| onewelcome-authentication-failed-4 |
onewelcome-ocip-json-app-authentication-fail-111407 |
| onewelcome-authentication-failed-5 |
onewelcome-ocip-json-app-authentication-fail-130207 |
| onewelcome-authentication-successful |
onewelcome-ocip-json-app-authentication-success-120000 |
| onewelcome-authentication-successful-1 |
onewelcome-ocip-json-app-authentication-success-120202 |
| onewelcome-authentication-successful-2 |
onewelcome-ocip-json-app-authentication-success-111404 |
| open-shift-1 |
openshift-o-kv-app-activity-annotations |
| opendj-auth-failure-reason |
opendj-o-kv-endpoint-login-msgid |
| opendj-auth-info |
opendj-o-kv-endpoint-login-connectconn |
| opendj-auth-uid |
opendj-o-kv-endpoint-login-uid |
| openvms-batch-logon |
vms-openvms-kv-endpoint-login-fail-processlogin |
| openvms-failed-logon |
vms-openvms-kv-endpoint-login-fail-loginfailure |
| openvms-file-access |
vms-openvms-kv-file-read-success-username |
| openvms-file-delete |
vms-openvms-kv-file-delete-success-objectdeletion |
| openvms-process-logout |
vms-openvms-kv-endpoint-logout-success-batchprocesslogout |
| openvms-remote-login |
vms-openvms-kv-endpoint-login-fail-interactivelogin |
| openvms-remote-logout |
vms-openvms-kv-endpoint-logout-success-remoteinteractivelogout |
| openvpn-app-activity |
openvpn-ov-kv-app-activity-appactivity |
| openvpn-auth-failed |
sslopenvpn-s-kv-vpn-login-fail-authfail |
| openvpn-auth-failed-1 |
openvpn-ov-kv-app-notification-openvpn |
| openvpn-auth-failed-2 |
openvpn-sslvpn-kv-app-authentication-fail-authfailed |
| openvpn-auth-successful |
sslopenvpn-s-kv-vpn-login-success-authsuccess |
| openvpn-failed-vpn-login |
sslopenvpn-s-str-vpn-login-fail-authfailvpn |
| openvpn-system-info |
openvpn-ov-str-app-activity-datachannel |
| openvpn-system-info-1 |
openvpn-sslvpn-str-app-notification-ovpn |
| openvpn-vpn-end |
sslopenvpn-s-kv-vpn-logout-success-loggedout |
| openvpn-vpn-end-1 |
sslopenvpn-s-kv-vpn-logout-success-terminated |
| openvpn-vpn-end-2 |
openvpn-ov-str-vpn-logout-success-reset |
| openvpn-vpn-end-3 |
openvpn-ov-str-vpn-logout-success-reset-1 |
| openvpn-vpn-end-4 |
openvpn-ov-str-vpn-logout-success-timeout |
| openvpn-vpn-login |
sslopenvpn-s-kv-vpn-login-success-googleseclock |
| openvpn-vpn-login-1 |
sslopenvpn-s-kv-vpn-login-success-arrayos |
| oracle-access-manager |
oracle-am-cef-endpoint-authentication-accessmanager |
| oracle-auth-failed |
oracle-db-str-app-login-fail-sshfailed |
| oracle-auth-successful |
oracle-db-str-database-login-sshok |
| oracle-avdf-database-login |
oracle-avdf-json-database-login-success-loginsucceeded |
| oracle-avdf-database-logout |
oracle-avdf-kv-database-logout-success-logout |
| oracle-avdf-database-query |
oracle-avdf-kv-database-query-success-table |
| oracle-database-access |
oracle-db-kv-database-activity-success-oracleddl |
| oracle-database-access-1 |
oracle-db-json-database-activity-success-userhost |
| oracle-database-delete |
oracle-db-json-database-delete-success-sessionrec |
| oracle-database-login |
oracle-db-json-database-login-success-userhost |
| oracle-database-query-4 |
oracle-db-kv-database-query-success-actionname |
| oracle-db-access |
oracle-db-kv-database-activity-success-connectdata |
| oracle-db-access-1 |
oracle-db-csv-database-activity-success-oracle |
| oracle-db-access-2 |
oracle-db-kv-database-activity-success-grant |
| oracle-db-insert |
oracle-db-str-database-query-success-insert |
| oracle-db-login |
oracle-db-json-database-login-logon |
| oracle-db-login-1 |
oracle-db-str-database-login-action |
| oracle-db-login-2 |
oracle-o-kv-database-login-success-standardaudit |
| oracle-db-login-3 |
oracle-db-kv-database-login-success-unifiedaudit |
| oracle-db-logout-1 |
oracle-db-kv-database-logout-success-logoff |
| oracle-db-query |
oracle-db-json-database-query-success-returncode |
| oracle-db-query-1 |
oracle-db-json-database-query-success-grantrole |
| oracle-db-query-2 |
oracle-db-json-database-query-success-alter |
| oracle-db-query-3 |
oracle-db-json-database-query-success-oraclefga |
| oracle-db-query-4 |
oracle-db-kv-database-query-success-select |
| oracle-db-query-5 |
oracle-db-kv-database-query-success-createtable |
| oracle-db-update |
oracle-db-json-database-modify-success-fga |
| oracle-db-update-1 |
oracle-db-kv-database-modify-success-update |
| oracle-logout |
oracle-db-str-app-logout-logoutok |
| oracle-public-cloud-netflow-connection |
oracle-pc-sk4-network-traffic-success-dataevent |
| oracle-public-cloud-storage-access |
oracle-pc-sk4-app-activity-success-oracle |
| oracle-system-info |
oracle-db-kv-app-activity-sqlbind |
| ordr-json-alert |
ordr-sce-json-alert-trigger-success-warning |
| osirium-app-login |
osirium-o-str-app-login-success-logged |
| ossec-security-alert-1 |
ossec-o-cef-alert-trigger-success-location |
| ossec-security-alert-2 |
ossec-o-kv-alert-trigger-success-syscheck |
| ossec-system-event |
wazuh-w-json-alert-trigger-wazuhalerts |
| osx-local-logon |
apple-macos-str-endpoint-login-success-storingcredential |
| outlook-exchange-app-activity-1 |
microsoft-exchange-kv-app-activity-softdelete |
| outlook-exchange-app-activity-10 |
microsoft-exchange-kv-app-activity-sendonbehalf |
| outlook-exchange-app-activity-2 |
microsoft-exchange-kv-app-activity-folderbind |
| outlook-exchange-app-activity-3 |
microsoft-exchange-kv-app-activity-harddelete |
| outlook-exchange-app-activity-4 |
microsoft-exchange-kv-app-activity-mailitemsaccessed |
| outlook-exchange-app-activity-5 |
microsoft-exchange-kv-app-activity-movetodeleteditems |
| outlook-exchange-app-activity-6 |
microsoft-exchange-kv-app-activity-setuser |
| outlook-exchange-app-activity-7 |
microsoft-exchange-kv-app-activity-updateinboxrules |
| outlook-exchange-app-activity-8 |
microsoft-exchange-kv-app-activity-update |
| outlook-exchange-app-activity-9 |
microsoft-exchange-kv-app-activity-sendas |
| ovirt-app-activity-1 |
ovirt-o-kv-app-activity-success-vmsetticket |
| ovirt-app-activity-10 |
ovirt-o-kv-app-activity-success-storagedomain |
| ovirt-app-activity-11 |
ovirt-o-kv-app-activity-success-useraddeddiskprofile |
| ovirt-app-activity-12 |
ovirt-o-kv-app-activity-success-useradddisktovm |
| ovirt-app-activity-13 |
ovirt-o-kv-app-activity-success-userstoppedvm |
| ovirt-app-activity-14 |
ovirt-o-kv-app-activity-success-userinitiatedshutdownvm |
| ovirt-app-activity-15 |
ovirt-o-kv-app-activity-success-useraddvmstarted |
| ovirt-app-activity-16 |
ovirt-o-kv-app-activity-success-networkaddvminterface |
| ovirt-app-activity-17 |
ovirt-o-kv-app-activity-success-networkactivatevminterfacesuccess |
| ovirt-app-activity-18 |
ovirt-o-kv-app-activity-success-entityrenamed |
| ovirt-app-activity-2 |
ovirt-o-kv-app-activity-success-vmconsoleconnected |
| ovirt-app-activity-20 |
ovirt-o-kv-app-activity-success-storagepool |
| ovirt-app-activity-21 |
ovirt-kv-str-app-activity-success-templatefinishedsuccess |
| ovirt-app-activity-22 |
ovirt-o-kv-app-activity-success-imageastemplate |
| ovirt-app-activity-23 |
ovirt-o-kv-app-activity-success-vdsactivate |
| ovirt-app-activity-24 |
ovirt-o-kv-app-activity-success-vdsmaintainance |
| ovirt-app-activity-25 |
ovirt-o-kv-app-activity-success-userupdatestoragedomain |
| ovirt-app-activity-26 |
ovirt-o-kv-app-activity-success-userovfupdate |
| ovirt-app-activity-27 |
ovirt-o-kv-app-activity-success-updatecluster |
| ovirt-app-activity-28 |
ovirt-o-kv-app-activity-success-userstopvm |
| ovirt-app-activity-29 |
ovirt-o-kv-app-activity-success-unregistereddisks |
| ovirt-app-activity-3 |
ovirt-o-kv-app-activity-success-userstartedvm |
| ovirt-app-activity-30 |
ovirt-o-kv-app-activity-success-removevmtemplate |
| ovirt-app-activity-31 |
ovirt-o-kv-app-activity-success-removedomain |
| ovirt-app-activity-32 |
ovirt-o-kv-app-activity-success-attachedtovms |
| ovirt-app-activity-33 |
ovirt-o-kv-app-activity-success-userfailedrunvm |
| ovirt-app-activity-34 |
ovirt-o-kv-app-activity-success-ejectvmdisk |
| ovirt-app-activity-35 |
ovirt-o-kv-app-activity-success-detachfrompool |
| ovirt-app-activity-36 |
ovirt-o-kv-app-activity-success-attachdomains |
| ovirt-app-activity-37 |
ovirt-o-kv-app-activity-success-addvds |
| ovirt-app-activity-38 |
ovirt-o-kv-app-activity-success-updateinterface |
| ovirt-app-activity-39 |
ovirt-o-kv-app-activity-success-addprofile |
| ovirt-app-activity-4 |
ovirt-o-kv-app-activity-success-vmconsoledisconnected |
| ovirt-app-activity-5 |
ovirt-o-kv-app-activity-success-userupdatevm |
| ovirt-app-activity-6 |
ovirt-o-kv-app-activity-success-clearlog |
| ovirt-app-activity-7 |
ovirt-o-kv-app-activity-success-changedisk |
| ovirt-app-activity-8 |
ovirt-o-kv-app-activity-success-attachstoragetopool |
| ovirt-app-activity-9 |
ovirt-o-kv-app-activity-success-adddomain |
| ovirt-app-activity-failed |
ovirt-o-str-app-activity-fail-validation |
| ovirt-app-login |
ovirt-o-str-app-login-success-loggedin |
| ovirt-app-logout |
ovirt-o-kv-app-logout-success-loggedout |
| ovirt-app-logout-1 |
ovirt-o-str-app-logout-success-successfullyloggedout |
| ovirt-failed-app-login |
ovirt-o-str-app-login-fail-ovirt |
| ovirt-failed-app-login-1 |
ovirt-o-str-app-login-fail-unabletologin |