| r-asa-aaa-vpn-start |
cisco-asa-str-vpn-login-success-109005-1 |
| r-nic-4771 |
microsoft-evsecurity-kv-endpoint-login-fail-4771-1 |
| r-nic-528 |
microsoft-evsecurity-cef-endpoint-success-528-1 |
| r-nic-540 |
microsoft-evsecurity-kv-endpoint-login-success-540-1 |
| r-nic-damballa-alert |
damballa-failsafe-kv-alert-trigger-success-infected |
| r-syslog-5136 |
microsoft-evsecurity-kv-ds-object-activity-success-5136 |
| r-syslog-bluecoatcas-alert |
symantec-bccas-csv-alert-trigger-success-avservice |
| r-syslog-chkpnt-vpn-end |
checkpoint-sg-csv-vpn-logout-success-authcrypt |
| r-syslog-chkpnt-vpn-set-ip |
checkpoint-sg-str-vpn-login-success-decrypt |
| r-syslog-chkpnt-vpn-start |
checkpoint-sg-str-vpn-login-success-authcrypt |
| r-syslog-physical-badge-access |
siemens-s-kv-physical-location-access-siemensfusionac |
| r-syslog-vontu-dlp |
symantec-dlp-str-email-receive-incident |
| r-syslog-vontu-dlp-1 |
symantec-dlp-str-email-send-protectmanager |
| racf-db-access |
ibm-racf-kv-database-activity-success-access |
| racf-db-access-1 |
ibm-racf-kv-database-activity-success-insufficientauth |
| racf-db-access-2 |
ibm-racf-kv-database-activity-success-connect |
| racf-db-access-3 |
ibm-racf-kv-database-activity-success-setropts |
| racf-db-access-4 |
ibm-racf-kv-database-activity-success-altuser |
| racf-db-access-5 |
ibm-racf-kv-app-activity-general-audit-record-auditrecordwritten |
| racf-db-failed-login |
ibm-racf-kv-database-login-fail-signon |
| radius-nac-logon |
radius-r-kv-endpoint-success-sessionlogs |
| radware-alert |
radware-alteon-str-app-notification-accessattempted |
| radware-app-activity |
radware-alteon-str-app-notification-notsynchronized |
| radware-failed-app-login |
radware-alteon-str-app-login-fail-fromhost |
| radware-network-alert |
radware-waf-kv-alert-trigger-security |
| rapid7-security-alert |
rapid7-insightvm-cef-alert-trigger-success-vulnerability |
| raw-10016 |
microsoft-evsystem-kv-dcom-activate-fail-10016 |
| raw-104 |
microsoft-windows-str-log-clear-success-104 |
| raw-1102 |
microsoft-evsecurity-kv-log-clear-success-1102 |
| raw-1149 |
microsoft-evadfs-kv-endpoint-login-success-1149 |
| raw-1149-1 |
microsoft-evadfs-kv-rdp-traffic-success-remoteconnect |
| raw-1202 |
microsoft-evapp-str-endpoint-notification-1202 |
| raw-14554 |
microsoft-evsystem-str-endpoint-notification-14554 |
| raw-148 |
microsoft-evadfs-kv-endpoint-logout-success-148 |
| raw-1503 |
microsoft-evsystem-str-policy-apply-processsuccess |
| raw-1644 |
microsoft-evadfs-kv-endpoint-activity-success-1644 |
| raw-2004 |
microsoft-evsystem-str-endpoint-notification-success-2004 |
| raw-216 |
microsoft-windows-kv-file-write-success-216 |
| raw-2889 |
microsoft-evsecurity-str-app-authentication-2889 |
| raw-325 |
microsoft-windows-kv-file-write-success-325 |
| raw-326 |
microsoft-windows-kv-file-read-success-326 |
| raw-327 |
microsoft-windows-kv-file-close-success-327 |
| raw-36874 |
microsoft-evsystem-str-ssl-start-fail-36874 |
| raw-40961 |
microsoft-evpowershell-str-endpoint-notification-40961 |
| raw-40962 |
microsoft-evpowershell-str-endpoint-notification-40962 |
| raw-4104 |
microsoft-evpowershell-kv-script-execute-success-4104 |
| raw-4611 |
microsoft-evsecurity-kv-endpoint-notification-trustedlogonprocessregister |
| raw-4611-1 |
microsoft-evsecurity-kv-endpoint-notification-4611 |
| raw-4622 |
microsoft-evsecurity-kv-service-create-success-4622 |
| raw-4624 |
microsoft-evsecurity-kv-endpoint-login-success-4624 |
| raw-4624-1 |
microsoft-evsecurity-str-endpoint-success-successfullylogin |
| raw-4624-10 |
microsoft-evsecurity-kv-endpoint-success-4624-1 |
| raw-4624-2 |
microsoft-evsecurity-kv-endpoint-success-successfullylogin |
| raw-4624-3 |
microsoft-evsecurity-kv-endpoint-success-successfullylogin-1 |
| raw-4624-4 |
microsoft-evsecurity-kv-endpoint-success-successfullylogin-2 |
| raw-4624-5 |
microsoft-evsecurity-kv-endpoint-login-success-4624-2 |
| raw-4624-6 |
microsoft-evsecurity-json-endpoint-4624 |
| raw-4624-7 |
microsoft-evsecurity-kv-endpoint-login-success-4624-3 |
| raw-4624-8 |
microsoft-evsecurity-kv-endpoint-login-success-successfullyloggedon |
| raw-4624-9 |
microsoft-evsecurity-kv-endpoint-success-accountlogin |
| raw-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-4625 |
| raw-4625-1 |
microsoft-evsecurity-kv-endpoint-login-fail-4625-2 |
| raw-4627 |
microsoft-evsecurity-str-endpoint-notification-4627 |
| raw-4627-1 |
microsoft-evsecurity-str-endpoint-notification-logon |
| raw-4634 |
microsoft-evsecurity-kv-endpoint-logout-4634 |
| raw-4634-1 |
microsoft-evsecurity-json-endpoint-logout-success-4634-1 |
| raw-4634-2 |
microsoft-evsecurity-kv-endpoint-logout-loggedoff |
| raw-4647 |
microsoft-evsecurity-kv-endpoint-logout-4647 |
| raw-4648 |
microsoft-evsecurity-kv-user-switch-success-4648-1 |
| raw-4648-1 |
microsoft-evsecurity-kv-user-switch-success-4648 |
| raw-4648-2 |
microsoft-evsecurity-kv-endpoint-login-4648 |
| raw-4648-3 |
microsoft-evsecurity-kv-endpoint-login-success-4648-3 |
| raw-4648-4 |
microsoft-evsecurity-kv-user-switch-success-4648-3 |
| raw-4648-5 |
microsoft-evsecurity-kv-user-switch-success-4648-4 |
| raw-4649 |
microsoft-evsecurity-kv-alert-trigger-success-4649 |
| raw-4656 |
microsoft-evsecurity-kv-handle-request-4656 |
| raw-4656-1 |
microsoft-evsecurity-kv-handle-request-4656-2 |
| raw-4657-1 |
microsoft-evsecurity-str-registry-create-success-4657 |
| raw-4658 |
microsoft-evsecurity-kv-handle-close-4658 |
| raw-4658-1 |
microsoft-evsecurity-kv-handle-close-4658-1 |
| raw-4658-2 |
microsoft-evsecurity-kv-handle-close-4658-2 |
| raw-4658-3 |
microsoft-evsecurity-json-handle-close-timecreatedsystemtime |
| raw-4659 |
microsoft-evsecurity-kv-handle-request-success-4659 |
| raw-4659-1 |
microsoft-evsecurity-cef-handle-request-4659 |
| raw-4659-2 |
microsoft-evsecurity-kv-handle-request-success-4659-1 |
| raw-4660 |
microsoft-evsecurity-str-endpoint-activity-4660 |
| raw-4661 |
microsoft-evsecurity-kv-handle-request-4661 |
| raw-4662 |
microsoft-evsecurity-mix-ds-object-activity-success-4662 |
| raw-4662-1 |
microsoft-evsecurity-kv-ds-object-activity-success-4662 |
| raw-4662-2 |
microsoft-evsecurity-csv-ds-object-activity-success-4662 |
| raw-4662-3 |
microsoft-evsecurity-cef-ds-object-activity-success-4662 |
| raw-4663 |
microsoft-evsecurity-kv-file-success-4663-7 |
| raw-4663-1 |
microsoft-evsecurity-str-file-read-success-4663 |
| raw-4663-10 |
microsoft-evsecurity-json-file-success-accessanobject |
| raw-4663-11 |
microsoft-evsecurity-kv-file-read-success-4663-1 |
| raw-4663-2 |
microsoft-evsecurity-kv-file-success-4663-5 |
| raw-4663-3 |
microsoft-evsecurity-mix-file-success-4663-1 |
| raw-4663-4 |
microsoft-evsecurity-kv-file-success-4663-2 |
| raw-4663-5 |
microsoft-evsecurity-kv-file-read-success-4663-2 |
| raw-4663-6 |
microsoft-evsecurity-kv-file-success-4663-3 |
| raw-4663-7 |
microsoft-evsecurity-kv-file-success-4663-4 |
| raw-4663-8 |
microsoft-evsecurity-kv-file-read-success-4663-3 |
| raw-4663-9 |
microsoft-evsecurity-json-file-read-success-4663-4 |
| raw-4670 |
microsoft-evsecurity-kv-file-permission-modify-4670 |
| raw-4672 |
microsoft-evsecurity-mix-user-privilege-assign-success-4672 |
| raw-4672-1 |
microsoft-evsecurity-json-user-privilege-use-success-computername |
| raw-4672-2 |
microsoft-evsecurity-kv-user-privilege-assign-success-4672-1 |
| raw-4672-3 |
microsoft-evsecurity-csv-user-privilege-modify-success-4672 |
| raw-4673 |
microsoft-evsecurity-kv-user-privilege-assign-success-4673 |
| raw-4673-1 |
microsoft-evsecurity-mix-user-privilege-assign-success-4673 |
| raw-4673-2 |
microsoft-evsecurity-csv-user-privilege-use-success-4673 |
| raw-4674 |
microsoft-evsecurity-mix-user-privilege-use-success-4674 |
| raw-4674-1 |
microsoft-evsecurity-json-user-privilege-use-success-dhn |
| raw-4674-2 |
microsoft-evsecurity-json-user-privilege-use-success-auditing |
| raw-4674-3 |
microsoft-evsecurity-mix-user-privilege-use-success-4674-1 |
| raw-4674-4 |
microsoft-evsecurity-str-user-privilege-use-success-objectserver |
| raw-4674-5 |
microsoft-evsecurity-kv-user-privilege-use-success-4674-1 |
| raw-4675 |
"microsoft-evsecurity-xml-app-notification-4675 |
| raw-4690 |
mcirosoft-evsecurity-kv-handle-copy-4690 |
| raw-4700 |
"microsoft-evsecurity-xml-scheduled-task-create-success-4700-1 |
| raw-4702 |
"microsoft-evsecurity-xml-scheduled-task-modify-4702 |
| raw-4702-1 |
microsoft-evsecurity-cef-scheduled-task-modify-4702 |
| raw-4703 |
microsoft-evsecurity-kv-user-privilege-modify-tokenadjust |
| raw-4717 |
microsoft-evsecurity-kv-user-modify-4717 |
| raw-4718 |
microsoft-evsecurity-kv-user-permission-modify-4718 |
| raw-4719 |
microsoft-evsecurity-mix-audit-policy-modify-success-4719 |
| raw-4723 |
microsoft-evsecurity-mix-user-password-modify-4723 |
| raw-4724 |
microsoft-evsecurity-mix-user-password-reset-success-4724 |
| raw-4727 |
microsoft-evsecurity-kv-group-create-success-4727 |
| raw-4730 |
"microsoft-evsecurity-xml-group-delete-4730 |
| raw-4731 |
microsoft-evsecurity-kv-group-create-success-4731 |
| raw-4735 |
"microsoft-evsecurity-xml-group-modify-success-4735 |
| raw-4735-1 |
microsoft-evsecurity-kv-group-modify-success-4735 |
| raw-4737 |
microsoft-evsecurity-kv-group-modify-success-4737 |
| raw-4738 |
microsoft-evsecurity-mix-ds-object-modify-success-4738 |
| raw-4741 |
microsoft-evsecurity-kv-endpoint-create-created |
| raw-4742 |
microsoft-evsecurity-mix-ds-object-modify-success-4742 |
| raw-4743 |
"microsoft-evsecurity-xml-user-delete-success-4743 |
| raw-4743-1 |
microsoft-evsecurity-kv-user-delete-success-4743-1 |
| raw-4743-2 |
microsoft-evsecurity-kv-user-delete-fail-4743 |
| raw-4754 |
"microsoft-evsecurity-xml-group-create-4754 |
| raw-4755 |
"microsoft-evsecurity-xml-group-modify-success-4755 |
| raw-4755-1 |
microsoft-evsecurity-kv-group-modify-4755 |
| raw-4758 |
"microsoft-evsecurity-xml-group-delete-success-4758 |
| raw-4760 |
"microsoft-evsecurity-xml-group-modify-success-4760-1 |
| raw-4760-1 |
microsoft-evsecurity-kv-group-modify-success-4760 |
| raw-4761 |
microsoft-evsecurity-kv-group-member-add-4761 |
| raw-4762 |
microsoft-evsecurity-kv-group-member-remove-success-4762 |
| raw-4767 |
microsoft-evsecurity-str-user-unlock-success-4767 |
| raw-4768 |
microsoft-evsecurity-kv-endpoint-login-4768 |
| raw-4768-1 |
microsoft-evsecurity-kv-endpoint-login-4768-2 |
| raw-4768-2 |
microsoft-evsecurity-kv-endpoint-login-4768-3 |
| raw-4768-3 |
microsoft-evsecurity-kv-endpoint-login-requested |
| raw-4768-4 |
microsoft-evsecurity-kv-endpoint-login-4768-4 |
| raw-4768-5 |
microsoft-evsecurity-kv-endpoint-4768 |
| raw-4769 |
microsoft-evsecurity-kv-endpoint-login-4769 |
| raw-4769-1 |
microsoft-evsecurity-mix-endpoint-login-4769 |
| raw-4769-2 |
microsoft-evsecurity-kv-endpoint-login-4769-2 |
| raw-4769-3 |
microsoft-evsecurity-kv-endpoint-login-4769-4 |
| raw-4769-4 |
microsoft-evsecurity-kv-endpoint-login-4769-11 |
| raw-4769-5 |
microsoft-evsecurity-json-endpoint-login-4769-5 |
| raw-4769-6 |
microsoft-evsecurity-kv-endpoint-login-4769-12 |
| raw-4769-7 |
microsoft-evsecurity-csv-endpoint-login-4769 |
| raw-4770 |
microsoft-evsecurity-kv-endpoint-login-success-4770 |
| raw-4770-1 |
microsoft-evsecurity-kv-endpoint-login-success-4770-2 |
| raw-4771 |
microsoft-evsecurity-kv-endpoint-login-success-4771 |
| raw-4771-2 |
microsoft-evsecurity-kv-endpoint-login-fail-4771-3 |
| raw-4774 |
microsoft-evsecurity-kv-endpoint-authentication-4774 |
| raw-4776 |
microsoft-evsecurity-kv-endpoint-login-4776-6 |
| raw-4776-1 |
microsoft-evsecurity-kv-endpoint-login-success-4776-2 |
| raw-4776-2 |
microsoft-evsecurity-mix-endpoint-login-success-4776 |
| raw-4776-3 |
microsoft-evsecurity-mix-endpoint-login-validatecredentials |
| raw-4776-4 |
microsoft-evsecurity-kv-endpoint-login-4776-1 |
| raw-4776-5 |
microsoft-evsecurity-kv-endpoint-login-4776-2 |
| raw-4778 |
microsoft-evsecurity-kv-rdp-traffic-success-4778 |
| raw-4778-1 |
microsoft-evsecurity-kv-rdp-traffic-success-4778-1 |
| raw-4779 |
microsoft-evsecurity-mix-endpoint-logout-success-4779 |
| raw-4780 |
microsoft-evsecurity-kv-endpoint-notification-success-4780 |
| raw-4781 |
"microsoft-evsecurity-xml-user-name-modify-4781 |
| raw-4793 |
microsoft-evsecurity-kv-endpoint-notification-4793 |
| raw-4798 |
microsoft-evsecurity-kv-group-list-membershipenumerated |
| raw-4799 |
microsoft-evsecurity-kv-group-member-list-4799 |
| raw-4800 |
microsoft-evsecurity-kv-endpoint-lock-success-4800-1 |
| raw-4801 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801-5 |
| raw-4904 |
"microsoft-evsecurity-xml-audit-policy-modify-4904-2 |
| raw-4905 |
microsoft-evsecurity-mix-audit-policy-modify-4905 |
| raw-4907 |
microsoft-evsecurity-kv-audit-policy-modify-4907 |
| raw-4928 |
microsoft-evadfs-kv-ds-object-create-success-4928 |
| raw-4929 |
microsoft-evadfs-kv-ds-object-delete-success-4929 |
| raw-4931 |
microsoft-evsecurity-str-ds-replication-modify-4931 |
| raw-4932 |
"microsoft-evsecurity-xml-ds-replication-start-4932 |
| raw-4933 |
"microsoft-evsecurity-xml-ds-replication-stop-4933 |
| raw-4954 |
microsoft-evsecurity-str-policy-apply-4954 |
| raw-4964 |
microsoft-evsecurity-str-endpoint-notification-4964 |
| raw-4985 |
microsoft-evsecurity-kv-endpoint-notification-4985 |
| raw-5058 |
microsoft-evsecurity-kv-file-fileoperation |
| raw-5061 |
microsoft-evsecurity-kv-key-cryptographicoperation |
| raw-5136 |
microsoft-evsecurity-mix-ds-object-modify-success-5136-1 |
| raw-5137 |
microsoft-evsecurity-kv-ds-object-create-success-5137 |
| raw-5138 |
microsoft-evsecurity-kv-ds-object-restore-success-5138 |
| raw-5139 |
microsoft-evsecurity-kv-ds-object-move-success-serviceobject |
| raw-5140 |
microsoft-evsecurity-mix-share-access-success-5140 |
| raw-5140-1 |
microsoft-evsecurity-kv-share-access-success-5140-5 |
| raw-5140-2 |
microsoft-evsecurity-kv-share-access-success-5140-6 |
| raw-5141 |
microsoft-evsecurity-kv-ds-object-delete-success-5141 |
| raw-5142 |
microsoft-evsecurity-kv-share-access-success-5142 |
| raw-5143 |
microsoft-evsecurity-kv-share-modify-success-5143 |
| raw-5143-1 |
microsoft-evsecurity-kv-share-access-success-5143 |
| raw-5144 |
microsoft-evsecurity-kv-share-access-success-5144 |
| raw-5145 |
"microsoft-evsecurity-mix-share-access-5145 |
| raw-5145-1 |
microsoft-evsecurity-kv-share-access-5145-1 |
| raw-5145-10 |
microsoft-evsecurity-kv-share-access-success-5145 |
| raw-5145-11 |
microsoft-evsecurity-kv-share-access-5145 |
| raw-5145-2 |
microsoft-evsecurity-kv-share-access-5145-2 |
| raw-5145-3 |
microsoft-evsecurity-kv-share-access-5145-7 |
| raw-5145-4 |
microsoft-evsecurity-json-share-access-hostname |
| raw-5145-5 |
microsoft-evsecurity-json-share-access-5145 |
| raw-5145-6 |
microsoft-evsecurity-mix-share-access-5145 |
| raw-5145-7 |
microsoft-evsecurity-kv-share-access-5145-4 |
| raw-5145-8 |
microsoft-evsecurity-kv-share-access-5145-5 |
| raw-5145-9 |
microsoft-evsecurity-kv-share-access-5145-6 |
| raw-5152 |
microsoft-evsecurity-mix-network-traffic-fail-5152 |
| raw-5152-1 |
microsoft-evsecurity-kv-network-traffic-fail-packetblocked |
| raw-5152-2 |
microsoft-evsecurity-str-network-traffic-fail-5152 |
| raw-5154 |
microsoft-evsecurity-kv-network-listen-5154 |
| raw-5156 |
microsoft-evsecurity-json-mul-network-session-success-5156 |
| raw-5157 |
microsoft-evsecurity-cef-network-session-fail-5157 |
| raw-5157-1 |
microsoft-evsecurity-kv-network-session-fail-blocked-conn |
| raw-528 |
microsoft-evsecurity-kv-endpoint-login-success-528 |
| raw-53504 |
microsoft-evpowershell-str-network-listen-53504 |
| raw-5379 |
microsoft-evsecurity-kv-user-password-read-5379 |
| raw-540 |
microsoft-evsecurity-kv-endpoint-login-success-540 |
| raw-5447 |
microsoft-evsecurity-cef-policy-modify-5447 |
| raw-5478 |
microsoft-evsecurity-kv-service-create-success-5478 |
| raw-552 |
microsoft-evsecurity-json-endpoint-login-success-552 |
| raw-567 |
microsoft-evsecurity-json-file-success-567 |
| raw-5723 |
microsoft-evsystem-str-endpoint-authentication-fail-5723 |
| raw-5805 |
"microsoft-evsystem-xml-endpoint-login-fail-5805-1 |
| raw-6145 |
microsoft-evsecurity-str-policy-apply-fail-6145 |
| raw-627 |
microsoft-evsecurity-kv-user-password-modify-changepasswordattempt |
| raw-628 |
microsoft-evsecurity-kv-user-password-reset-success-accountpasswordset |
| raw-672 |
microsoft-evsecurity-kv-endpoint-login-672 |
| raw-673 |
microsoft-evsecurity-json-endpoint-login-673 |
| raw-674 |
microsoft-evsecurity-json-endpoint-login-success-674 |
| raw-675 |
microsoft-evsecurity-kv-endpoint-login-fail-authfail |
| raw-680 |
microsoft-evsecurity-json-endpoint-login-680-1 |
| raw-7036 |
microsoft-evsystem-str-service-state-modify-7036-3 |
| raw-7036-1 |
microsoft-evsystem-str-service-state-modify-7036-1 |
| raw-7036-2 |
microsoft-evsystem-str-service-state-modify-7036 |
| raw-7036-3 |
microsoft-evsystem-str-service-state-modify-7036-2 |
| raw-7040 |
microsoft-evsystem-json-service-state-modify-7040 |
| raw-7045 |
microsoft-evsystem-str-service-create-success-7045 |
| raw-8004 |
microsoft-evntlm-str-app-authentication-fail-8004 |
| raw-8004-1 |
microsoft-evntlm-kv-endpoint-login-fail-8004 |
| raw-8005 |
microsoft-evntlm-str-app-authentication-fail-8005 |
| raw-8006 |
microsoft-evntlm-str-app-authentication-fail-8006 |
| raw-asa-113004-vpn-start |
cisco-asa-kv-radius-traffic-success-113004-1 |
| raw-asa-113005 |
cisco-asa-str-vpn-login-fail-authentication-rejected |
| raw-asa-113005-1 |
cisco-asa-kv-vpn-login-fail-113005 |
| raw-asa-113005-2 |
cisco-asa-str-vpn-login-fail-authentication-rejected-1 |
| raw-asa-713184-vpn-start |
cisco-asa-str-vpn-login-success-713184 |
| raw-asa-713228-vpn-start |
cisco-asa-str-vpn-login-success-713228 |
| raw-asa-nap-vpn-end |
cisco-asa-str-vpn-logout-success-713259 |
| raw-asa-svc-vpn-end |
cisco-asa-str-vpn-logout-success-113019 |
| raw-asa-svc-vpn-start |
cisco-asa-str-vpn-login-success-722051 |
| raw-checkpoint-firewall-1 |
checkpoint-ngfw-kv-network-traffic-firewall |
| raw-checkpoint-firewall-2 |
checkpoint-ngfw-str-network-traffic-firewall |
| raw-checkpoint-firewall-accept |
checkpoint-ngfw-kv-network-traffic-success-accept-2 |
| raw-checkpoint-firewall-allow |
checkpoint-ngfw-str-network-traffic-success-allow-1 |
| raw-checkpoint-firewall-authcrypt |
checkpoint-ngfw-kv-app-authentication-success-authcrypt |
| raw-checkpoint-firewall-decrypt |
checkpoint-ngfw-kv-app-activity-success-decrypt-2 |
| raw-checkpoint-firewall-drop |
checkpoint-ngfw-kv-network-traffic-fail-drop-1 |
| raw-checkpoint-firewall-encrypt |
checkpoint-ngfw-kv-app-activity-success-encrypt-2 |
| raw-checkpoint-firewall-monitor |
checkpoint-ngfw-kv-alert-trigger-monitor |
| raw-cisco-vpnconcentrator-end |
cisco-asa-kv-vpn-logout-success-28 |
| raw-cisco-vpnconcentrator-start |
cisco-asa-kv-vpn-login-success-connected |
| raw-defender-av-1116 |
microsoft-defenderep-kv-alert-trigger-success-1116-1 |
| raw-defender-av-5007 |
microsoft-defenderep-kv-configuration-modify-success-5007 |
| raw-failed-logon-2003 |
microsoft-evsecurity-kv-endpoint-login-fail-logonfailure |
| raw-juniper-failed-vpn-login |
"juniper-ps-cef-vpn-login-fail-loginfailed |
| raw-juniper-nwc-vpn-authfailed |
juniper-ps-mix-vpn-login-fail-authenticationfailed |
| raw-juniper-nwc-vpn-authsuccess |
juniper-ps-mix-vpn-login-success-authenticationsuccessful |
| raw-juniper-nwc-vpn-authsuccess-1 |
juniper-ps-kv-vpn-login-success-sso |
| raw-juniper-nwc-vpn-connected |
"juniper-ps-cef-vpn-login-success-connected-2 |
| raw-juniper-nwc-vpn-end |
"juniper-ps-cef-vpn-logout-success-ended |
| raw-juniper-nwc-vpn-hostfailed |
juniper-ps-str-vpn-login-fail-hostfailed |
| raw-juniper-nwc-vpn-resume |
juniper-ps-str-vpn-login-success-resume |
| raw-juniper-nwc-vpn-start |
"juniper-ps-json-vpn-login-success-started |
| raw-juniper-nwc-vpn-terminated |
"juniper-ps-cef-vpn-logout-success-terminated |
| raw-member-added-2003 |
microsoft-evsecurity-kv-group-member-add-success-securityenabled |
| raw-member-added-2008 |
microsoft-evsecurity-kv-group-member-add-success-memberwasadded |
| raw-member-removed-2003 |
microsoft-evsecurity-str-group-member-remove-success-memberremoved |
| raw-member-removed-2008 |
microsoft-evsecurity-kv-group-member-remove-success-computer |
| raw-member-removed-2008-1 |
microsoft-evsecurity-json-group-member-remove-success-memberwasremoved |
| raw-member-removed-2008-2 |
microsoft-evsecurity-json-group-member-remove-success-memberremoved-1 |
| raw-member-removed-2008-3 |
"microsoft-evsecurity-xml-group-member-remove-success-memberremoved |
| raw-netscaler-events |
citrix-cgateway-cef-app-activity-79916606 |
| raw-netscaler-ica-login |
citrix-cgateway-str-vpn-login-success |
| raw-netscaler-vpn-start |
citrix-cgateway-str-app-login-success-sslvpnlogin |
| raw-netscaler-vpn-stop |
citrix-cgateway-str-vpn-logout-success-logout |
| raw-object-access-5058 |
microsoft-evsecurity-str-file-5058 |
| raw-object-access-5059 |
microsoft-evsecurity-kv-key-migrate-5059 |
| raw-object-access-5061 |
microsoft-evsecurity-kv-key-5061 |
| raw-pan-failed-vpn-login |
pan-gp-csv-vpn-login-fail-loginfailure |
| raw-pan-vpn-app-activity |
pan-gp-cef-app-activity-success-globalprotect |
| raw-pan-vpn-end |
"pan-gp-leef-vpn-logout-success-succeeded |
| raw-pan-vpn-end-2 |
pan-gp-csv-vpn-logout-success-logout-2 |
| raw-pan-vpn-login |
pan-gp-csv-vpn-login-success-connected |
| raw-pan-vpn-login-1 |
pan-gp-json-vpn-login-success-success |
| raw-pan-vpn-set-ip |
pan-gp-csv-vpn-login-success-generated |
| raw-pan-vpn-start |
pan-gp-csv-vpn-login-success-loginsucceeded |
| raw-pan-vpn-start-2 |
pan-gp-csv-vpn-login-success-login |
| raw-pix-106015 |
cisco-pix-str-network-traffic-fail-106015 |
| raw-pix-106023 |
cisco-pix-str-network-traffic-fail-106023 |
| raw-pix-302013 |
cisco-pix-str-network-session-success-302013 |
| raw-pix-302014 |
cisco-pix-str-network-session-fail-302014 |
| raw-pix-302015 |
cisco-pix-str-network-session-success-302015 |
| raw-pix-302016 |
cisco-pix-str-network-session-fail-302016 |
| raw-pix-302020 |
cisco-pix-str-network-start-success-302020 |
| raw-pix-302021 |
cisco-pix-str-network-session-fail-302021 |
| raw-pix-305009 |
cisco-pix-str-app-notification-success-305009 |
| raw-powershell-400 |
microsoft-evpowershell-str-endpoint-notification-400 |
| raw-powershell-600 |
microsoft-evsecurity-kv-process-create-success-600 |
| raw-process-created |
microsoft-evsecurity-mix-process-create-success-created |
| raw-process-created-1 |
microsoft-evsecurity-kv-process-create-success-created-1 |
| raw-protectwise-alert |
protectwise-ndr-kv-alert-trigger-success-protectwiseemitter |
| raw-scep-alert |
microsoft-defenderep-kv-alert-trigger-success-detection |
| raw-scep-epp-alert |
microsoft-defenderep-kv-alert-trigger-success-systemcenterep |
| raw-scep-epp-alert-csv |
microsoft-defenderep-csv-alert-trigger-success-systemcenter |
| raw-ssh-login |
unix-unix-mix-ssh-traffic-success-ssh2accepted |
| raw-sysmon-process-network |
"microsoft-sysmon-xml-network-session-success-3 |
| raw-unix-account-created |
unix-unix-kv-user-create-success-useradd |
| raw-unix-account-deleted |
unix-unix-str-user-delete-success-deleteuser |
| raw-unix-account-deleted-1 |
unix-unix-str-user-delete-success-deleteuser-1 |
| raw-unix-dhcp |
unix-dhcpd-str-dhcp-session-success-dhcprequest |
| raw-unix-dhcp-forwardmap |
unix-dhcpd-str-dhcp-session-success-forwardmap |
| raw-unix-dhcp-reversemap |
unix-dhcpd-str-dhcp-session-success-reversemap |
| raw-unix-dns-appliedadd |
unix-unix-str-dhcp-session-success-appliedadd |
| raw-unix-member-added-1 |
unix-unix-str-group-member-add-success-gpasswd |
| raw-unix-member-added-2 |
unix-unix-str-group-member-add-success-usermod |
| raw-unix-member-removed |
unix-unix-str-group-member-remove-success-removed |
| raw-unix-password-change |
unix-unix-mix-user-password-modify-success-passwordchanged |
| raw-unix-process-created |
unix-unix-kv-process-create-success-command |
| raw-unix-su |
unix-unix-mix-user-switch-success-susession |
| raw-unix-sudo |
unix-unix-mix-user-switch-success-sudo |
| raw-vpn-end |
juniper-ps-str-vpn-logout-success-logout |
| raw-vpn-start |
juniper-ps-str-vpn-login-success-succeeded |
| raw-vpn-start-1 |
juniper-ps-str-vpn-login-success-pulsesecure |
| raw-vpn-timeout |
juniper-ps-str-vpn-logout-success-timeout |
| raw-windows-21 |
microsoft-evterminalservicesgateway-kv-endpoint-login-success-sessionlogon |
| raw-windows-account-4720 |
microsoft-evsecurity-kv-user-create-success-4720-1 |
| raw-windows-account-4722 |
microsoft-evsecurity-mix-user-enable-success-4722 |
| raw-windows-account-4725 |
microsoft-evsecurity-mix-user-disable-success-4725 |
| raw-windows-account-4726 |
microsoft-evsecurity-mix-user-delete-success-4726 |
| raw-windows-account-4740 |
microsoft-evsecurity-mix-user-lock-success-4740 |
| raw-windows-account-624 |
microsoft-evsecurity-kv-user-create-success-624 |
| raw-windows-account-629 |
microsoft-evsecurity-kv-user-disable-success-629 |
| raw-windows-account-630 |
microsoft-evsecurity-kv-user-delete-success-630 |
| raw-windows-account-644 |
microsoft-evsecurity-json-user-lock-success-644 |
| raw-windows-powershell-4105 |
microsoft-evpowershell-str-script-execute-4105 |
| raw-windows-powershell-4106 |
microsoft-evpowershell-str-endpoint-notification-4106 |
| rdirectory-account-created |
"namespacerdirectory-nrd-xml-user-create-success-createuser |
| rdirectory-account-deleted |
"namespacerdirectory-nrd-xml-user-delete-success-rdirectorydelete |
| rdirectory-account-disable |
"namespacerdirectory-nrd-xml-user-disable-success-disableaccount |
| rdirectory-account-enable |
"namespacerdirectory-nrd-xml-user-enable-success-modified |
| rdirectory-member-added |
"namespacerdirectory-nrd-xml-group-member-add-success-memberadd |
| rdirectory-object-modification |
"namespacerdirectory-nrd-xml-ds_object-activity-success-modifyuser |
| rdirectory-password-change |
"namespacerdirectory-nrd-xml-user-password-modify-success-modifiedby |
| rdp-vectra-meta-data |
vectra-cs-kv-rdp-traffic-success-metadatardp |
| redcanary-security-alert |
redcanary-rc-kv-alert-trigger-success-headline |
| redcloud-physical-badge-access |
redcloud-aacm-cef-physical-location-access-credential |
| remotelyanywhere-remote-login |
logmein-ra-json-endpoint-login-success-raloginsuccess |
| remotelyanywhere-remote-logout |
logmein-ra-kv-endpoint-logout-success-policyname |
| rs-4624 |
microsoft-evsecurity-kv-endpoint-4624 |
| rs-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-4625-3 |
| rs2-badge-access |
rs2-t-kv-physical-location-access-eventlocation |
| rs2-badge-failed-physical-access-1 |
"rs2-t-xml-physical_location-access-fail-accessdenied |
| rs2-badge-failed-physical-access-2 |
"rs2-t-xml-physical-location-access-fail-elevatoraccessdenied |
| rs2-badge-physical-access-1 |
"rs2-t-xml-physical-location-access-success-accessgranted |
| rs2-badge-physical-access-2 |
"rs2-t-xml-physical-location-access-success-elevatoraccessgranted |
| rs2-physical-access |
rs2-r-str-physical-location-access-lname |
| rsa-app-activity |
rsa-ram-kv-app-authentication-success-userstepup |
| rsa-app-activity-1 |
rsa-ram-kv-app-logout-success-sessiontimeout |
| rsa-app-activity-2 |
rsa-ram-kv-app-authentication-success-decisionpoint |
| rsa-app-activity-3 |
rsa-ram-kv-user-modify-success-condition |
| rsa-app-login |
dell-ram-kv-app-login-success-userprotectedappauth |
| rsa-app-login-1 |
rsa-ram-kv-app-login-success-singlepoint |
| rsa-app-login-2 |
rsa-ram-kv-app-login-success-userlogin |
| rsa-auth-failed |
rsa-ram-kv-app-authentication-fail-singlepoint |
| rsa-auth-failed-1 |
rsa-ram-kv-app-authentication-fail-userprotected |
| rsa-auth-result |
rsa-raa-str-app-authentication-authresult |
| rsa-auth-successful-1 |
dell-rsaauthmngr-kv-endpoint-authentication-userlogin |
| rsa-auth-successful-2 |
dell-rsaauthmngr-kv-endpoint-authentication-userauthn |
| rsa-auth-successful-3 |
dell-rsaauthmngr-kv-endpoint-authentication-userstepup |
| rsa-auth-successful-4 |
rsa-ram-kv-app-authentication-success-radius |
| rsa-auth-successful-5 |
rsa-ram-kv-app-authentication-success-userauthenticated |
| rsa-auth-successful-6 |
rsa-ram-kv-app-authentication-success-userauthenticated-1 |
| rsa-authentication-attempt |
rsa-ram-csv-app-authentication-success-validuser |
| rsa-authentication-attempt-1 |
rsa-ram-csv-app-authentication-success-request |
| rsa-authentication-successful |
rsa-ram-csv-endpoint-authentication-success-validuser |
| rsa-authentication-successful-1 |
rsa-ram-csv-endpoint-authentication-success-authorizationsuccess |
| rsa-device-id-created |
rsa-ram-str-app-notification-success-aaopaudit |
| rsa-device-id-recovered |
rsa-raa-str-app-notification-success-idrecovered |
| rsa-device-token-header-mismatch |
rsa-raa-str-app-authentication-fail-tokenheadermismatch |
| rsa-dlp-alert |
rsa-dlp-kv-alert-trigger-success-glba |
| rsa-dlp-email-alert |
rsa-dlp-kv-email-send-success-smtp |
| rsa-enroll-completed |
rsa-raa-str-app-register-success-enrollcompleted |
| rsa-enroll-start |
rsa-raa-str-app-register-success-enrollstart |
| rsa-failed-app-login |
dell-rsaauthmngr-kv-app-login-fail-notauth |
| rsa-group-membership |
rsa-ram-csv-app-notification-success-notingroup |
| rsa-locking-out-user-id |
rsa-raa-str-user-lock-success-lockingoutuserid |
| rsa-logout |
rsa-ram-kv-app-logout-success-userlogout |
| rsa-netflow-connection |
rsa-r-cef-network-traffic-success-flowdata |
| rsa-risk-analysis |
rsa-raa-str-app-notification-success-riskanalysis |
| rsa-securid-auth-fail |
rsa-securid-kv-endpoint-login-fail-tokenauth |
| rsa-securid-auth-success |
rsa-securid-kv-endpoint-login-success-acceptaccess |
| rsa-system-info |
rsa-ram-csv-app-notification-success-resourcecheck |
| rsa-system-info-1 |
rsa-ram-csv-app-notification-success-servertest |
| rsa-system-info-2 |
rsa-ram-csv-app-notification-success-checkresource |
| rsa-system-info-3 |
rsa-ram-csv-app-notification-success-validgroup |
| rsa-system-info-4 |
rsa-ram-kv-service-app-radiusservicestatus |
| rsa-system-info-5 |
rsa-ram-str-configuration-routing-modify-success-systemconfig |
| rsa-system-info-6 |
rsa-ram-kv-configuration-modify-success-confighost |
| rsa-system-info-7 |
rsa-ram-str-configuration-modify-success-configupdate |
| rsa-user-bound |
rsa-raa-str-user-modify-success-userbound |
| rsa-user-challenged |
rsa-raa-str-app-authentication-success-userchallenged |
| rsa-user-confirmed-chl-maint |
rsa-raa-str-app-authentication-success-confirmedchlmaint |
| rsa-user-group-changed |
rsa-raa-str-group-member-move-success-groupchanged |
| rsa-user-id-locked-out |
rsa-ram-str-user-lock-success-idlockedout |
| rsa-user-id-not-found |
rsa-raa-str-app-authentication-fail-idnotfound |
| rsa-user-signin |
rsa-raa-str-app-login-success-signin |
| rsa-user-unbound |
rsa-raa-str-user-modify-success-unbound |
| rsa-vpn-end |
rsa-securid-kv-vpn-logout-success-sessionremoved |
| rstudio-app-login |
rstudio-rserver-sk4-app-login-success-authlogin |
| rstudio-app-logout |
rstudio-rserver-sk4-app-logout-success-authlogout |
| rsyslogd-system-info |
rsyslogdpstats-rp-kv-app-notification-success-imptcp |
| rubrik-account-creation |
rubrik-cdm-kv-user-create-success-createlocaluser |
| rubrik-app-login |
rubrik-cdm-kv-app-login-success-loggedin |
| rubrik-app-login-1 |
rubrik-cdm-kv-app-login-success-loggedin-1 |
| rubrik-app-logout |
rubrik-cdm-kv-app-logout-audit |
| rubrik-privileged-access |
rubrik-cdm-kv-user-privilege-assign-success-assignedroles |
| rubrik-system-info |
rubrik-cdm-kv-app-activity-replication |
| rundeck-app-activity |
rundeck-r-kv-app-notification-success-rundeckauditqa |