| u-4688 |
microsoft-evsecurity-kv-process-create-success-4688-2 |
| u-680 |
microsoft-evsecurity-kv-endpoint-login-680-2 |
| u-duo-auth-json |
cisco-duo-kv-endpoint-authentication-auth |
| u-google-app-login |
google-workspace-json-app-login-success-authorize |
| u-google-auth-failed |
google-workspace-cef-app-login-fail-failure |
| u-google-auth-successful |
google-workspace-cef-app-login-success-loginsuccess |
| u-googlecalendar-app-activity |
google-workspace-json-app-activity-success-calendar |
| u-googledrive-file-activity |
google-workspace-cef-file-success-drive |
| u-googledrive-file-permission-change |
google-workspace-cef-file-permission-modify-success-aclchange |
| u-mcafee-epo-alert |
"mcafee-es-xml-alert-trigger-success-analyzerversion |
| u-member-added-2008 |
microsoft-evsecurity-kv-group-member-add-success-47-1 |
| u-member-removed-2008 |
microsoft-evsecurity-json-group-member-remove-success-47 |
| u-okta-app-login |
okta-amfa-kv-app-login-success-singlesignon |
| u-okta-failed-app-login |
okta-amfa-kv-app-login-fail-signinfailure |
| unix-access-control |
unix-unix-sk4-endpoint-authentication-credacq |
| unix-access-control-2 |
unix-unix-sk4-endpoint-authentication-creddisp |
| unix-access-control-3 |
unix-unix-sk4-endpoint-authentication-credrefr |
| unix-access-control-4 |
unix-unix-sk4-endpoint-authentication-useracct |
| unix-account-created |
unix-unix-kv-user-create-useradd |
| unix-account-created-1 |
unix-unix-str-group-member-add-success-useradd |
| unix-account-created-failed |
unix-unix-str-user-create-fail-failedaddinguser |
| unix-account-deleted |
unix-unix-str-user-delete-userdel |
| unix-account-keyinit |
unix-unix-str-user-switch-success-userswitch |
| unix-account-lockout |
unix-unix-str-user-delete-fail-auth |
| unix-account-switch-1 |
unix-unix-cef-user-switch-success-userstart |
| unix-account-switch-json |
unix-unix-json-user-switch-success-session |
| unix-app-activity |
unix-unix-str-app-activity-sftp |
| unix-app-activity-2 |
unix-unix-kv-app-notification-alertcertificate |
| unix-app-activity-3 |
unix-unix-kv-app-notification-unknowncommand |
| unix-app-activity-4 |
unix-unix-kv-network-close-stopssl |
| unix-app-activity-5 |
unix-unix-kv-app-notification-sslversioninfo |
| unix-as |
unix-unix-str-user-switch-success-pam_unix |
| unix-audispd-remote-logon |
unix-unix-kv-endpoint-login-userlogin |
| unix-audispd-remote-logon-1 |
unix-unix-kv-endpoint-login-userstart |
| unix-audispd-system-info |
unix-unix-kv-endpoint-notification-proctitle |
| unix-auditd-account-created |
unix-auditd-kv-user-create-success-adduser |
| unix-auditd-account-created-id |
unix-auditd-kv-user-create-success-addgroup |
| unix-auditd-account-deleted |
unix-auditd-kv-user-delete-success-deleteuser |
| unix-auditd-account-switch |
unix-auditd-kv-user-switch-success-sessionopen |
| unix-auditd-account-switch-1 |
unix-unixauditd-json-user-switch-success-sessionopen |
| unix-auditd-cred-refr |
unix-ad-kv-endpoint-authentication-credrefr |
| unix-auditd-grp-pw-change |
unix-unixauditd-kv-user-password-modify-success-grpmgmt |
| unix-auditd-login |
unix-unix-kv-ssh-traffic-sshuserauth |
| unix-auditd-login-1 |
unix-unixauditd-json-endpoint-login-authentication |
| unix-auditd-login-2 |
unix-unix-kv-endpoint-login-success-userauth |
| unix-auditd-member-added |
unix-unix-kv-group-member-add-success-auditd |
| unix-auditd-member-added-2 |
unix-ad-kv-group-member-add-success-usermgmt |
| unix-auditd-member-added-3 |
unix-unix-kv-group-member-add-success-auditd-1 |
| unix-auditd-member-removed |
unix-unixauditd-kv-group-member-remove-success-usermgmt |
| unix-auditd-password |
unix-ad-kv-user-password-success-changepassword |
| unix-auditd-setcred |
unix-ad-kv-endpoint-authentication-credacq |
| unix-auditd-setcred-2 |
unix-ad-kv-endpoint-authentication-creddisp |
| unix-auditd-user-acct |
unix-ad-kv-endpoint-authentication-accounting |
| unix-auditd-user-end |
unix-auditd-kv-endpoint-logout-userend |
| unix-auth-attempt |
unix-unix-str-endpoint-authentication-check |
| unix-auth-event-1 |
unix-unix-str-endpoint-login-success-authsucceede |
| unix-auth-event-2 |
unix-unix-kv-endpoint-login-success-httpd |
| unix-auth-failed |
unix-unix-str-endpoint-login-fail-check |
| unix-auth-failed-1 |
unix-unix-kv-endpoint-login-fail-su |
| unix-auth-failed-2 |
unix-unixauditd-kv-endpoint-login-fail-authenticationfailure |
| unix-auth-failed-3 |
unix-unix-kv-endpoint-login-fail-passwd |
| unix-auth-failed-4 |
unix-unix-str-endpoint-login-fail-expiredpassword |
| unix-auth-failed-5 |
unix-unix-kv-endpoint-login-fail-ruser |
| unix-authentication-fail |
unix-unix-str-endpoint-login-fail-user |
| unix-authentication-failed-1 |
unix-unix-str-endpoint-login-fail-failedpamweblogin |
| unix-authentication-successful |
unix-unix-str-endpoint-login-success-successfulpamweblogin |
| unix-change-file-ownership-failed |
unix-unix-kv-file-owner-modify-success-invalidgroup |
| unix-dlp-email-out |
unix-unix-kv-email-send-success-smtp |
| unix-failed-identification |
unix-unix-str-endpoint-authentication-sshdnotreceiveid |
| unix-failed-logon-1 |
unix-unix-str-endpoint-login-fail-invaliduser-1 |
| unix-failed-logon-10 |
unix-unix-str-endpoint-login-fail-unablesshd |
| unix-failed-logon-11 |
unix-unix-str-endpoint-login-fail-noauth |
| unix-failed-logon-12 |
unix-unix-str-endpoint-login-fail-authfail |
| unix-failed-logon-13 |
unix-unix-str-endpoint-login-fail-failedtologin |
| unix-failed-logon-2 |
unix-unix-str-endpoint-login-fail-failedpasswordfor |
| unix-failed-logon-3 |
unix-unix-str-endpoint-login-fail-failedpassword |
| unix-failed-logon-4 |
unix-unix-str-endpoint-login-fail-failpass |
| unix-failed-logon-5 |
unix-unix-str-endpoint-login-fail-failedpublickeyfor |
| unix-failed-logon-6 |
unix-unix-str-endpoint-login-fail-maxauth |
| unix-failed-logon-7 |
unix-unix-str-endpoint-login-fail-manyauthfail |
| unix-failed-logon-8 |
unix-unix-str-endpoint-login-fail-sshfail |
| unix-failed-logon-9 |
unix-unix-kv-endpoint-login-fail-logindenied |
| unix-file-operation |
unix-unix-kv-file-success-objtype |
| unix-file-permission-denied |
unix-ad-kv-endpoint-notification-permissioncheck |
| unix-file-permission-denied-2 |
unix-unix-sk4-endpoint-notification-avc |
| unix-group-added |
unix-unix-kv-group-member-add-success-groupadd |
| unix-group-change |
unix-unix-str-group-modify-groupmod |
| unix-group-change-1 |
unix-unix-str-group-delete-success-groupdel |
| unix-group-change-2 |
unix-unix-str-group-create-success-groupadd |
| unix-local-logon |
unix-unix-str-endpoint-login-success-startedsession |
| unix-local-logon-1 |
unix-unix-kv-endpoint-login-success-auid |
| unix-local-logon-2 |
unix-unix-cef-endpoint-login-success-login |
| unix-logout |
unix-unix-str-endpoint-logout-success-sessionlogout |
| unix-logout-1 |
unix-unix-str-endpoint-logout-sshclosedconnection |
| unix-logout-10 |
unix-unix-kv-ftp-close-success-timeoutsession |
| unix-logout-2 |
unix-unix-str-endpoint-logout-sshconnectionclosed |
| unix-logout-3 |
unix-unix-str-endpoint-logout-success-loggedoutfrom |
| unix-logout-4 |
unix-unix-str-endpoint-logout-success-sshsdisconnect |
| unix-logout-5 |
unix-unix-str-endpoint-logout-success-loggedout |
| unix-logout-6 |
unix-unix-kv-ftp-close-ftporsslconnectionclosed |
| unix-logout-7 |
unix-unix-str-network-close-ftpconnectionclosed |
| unix-logout-8 |
unix-unix-str-endpoint-logout-sshfailedtostart |
| unix-logout-9 |
unix-unix-kv-ftp-close-success-connectionaborted |
| unix-member-added |
unix-unix-str-group-member-add-success-usermod-1 |
| unix-netfilter-audit-info |
unix-ad-kv-endpoint-notification-netfiltercfg |
| unix-network-connection |
unix-unix-str-network-start-snmpd |
| unix-network-connection-failed |
unix-unix-str-network-traffic-fail-packetsendfail |
| unix-network-connection-failed-1 |
unix-unix-str-network-close-unexpectedmessage |
| unix-pam-ssh-login |
unix-unix-kv-endpoint-login-sshdauth |
| unix-password-change |
unix-unix-str-user-password-modify-success-changeuser |
| unix-password-change-1 |
unix-unix-str-user-password-modify-success-changepasswd |
| unix-password-change-2 |
unix-unix-str-user-password-modify-success-chage |
| unix-password-change-3 |
unix-unix-str-user-password-modify-success-keyring |
| unix-password-change-4 |
unix-unix-str-user-password-modify-fail-keyringpassword |
| unix-priv-command-5 |
unix-unix-str-process-create-success-executed |
| unix-process-created |
delinea-centrifyis-kv-process-create-success-unixname |
| unix-process-created-1 |
unix-unix-cef-process-create-success-syscall |
| unix-process-created-failed |
unix-unix-cef-process-create-fail-syscall |
| unix-process-creation-failure |
unix-ad-kv-process-create-fail-syscall |
| unix-remote-access |
unix-unix-kv-endpoint-login-success-logonsuccess |
| unix-remote-logon-1 |
unix-unix-kv-ssh-traffic-success-sftpstarted |
| unix-remote-logon-2 |
unix-unix-str-endpoint-login-success-shelllogin |
| unix-remote-logon-3 |
unix-unix-str-endpoint-login-success-sshsconnect |
| unix-remote-logon-4 |
unix-unix-str-endpoint-authentication-success-acceptedpassword |
| unix-remote-logon-5 |
unix-unix-kv-ftp-start-ftps |
| unix-remote-logon-6 |
unix-unix-kv-ftp-start-ftp |
| unix-secureworks-security-alert |
secureworks-isensor-kv-alert-trigger-success-useragentdetected |
| unix-security-alert |
unix-unix-str-alert-trigger-sshdbreakinattempt |
| unix-smbd-file-share-outcome |
unix-unix-str-endpoint-authentication-smbdunabletovalidate |
| unix-ssh-fail-38 |
unix-unix-str-endpoint-login-fail-ssh38 |
| unix-ssh-login |
unix-unix-kv-ssh-traffic-success-completedauth |
| unix-ssh-login-2 |
unix-unix-str-endpoint-login-sshconnectionestablished |
| unix-ssh-login-failed |
unix-unix-str-endpoint-authentication-sshdnotreceiveid |
| unix-ssh-login-failed-1 |
unix-unix-str-endpoint-login-sshdrefusedconnect |
| unix-ssh-login-failed-2 |
unix-unix-str-endpoint-login-fail-sshdauthfailed |
| unix-ssh-login-failed-json |
unix-unix-json-endpoint-login-fail-sshd |
| unix-ssh-login-failed-json-1 |
unix-unix-json-endpoint-login-fail-unabletonegotiate |
| unix-ssh-login-json |
unix-unix-mix-endpoint-login-success-acceptedpublickeyfor |
| unix-ssh-login-json-1 |
unix-unix-sk4-endpoint-login-success-linuxsyslogevent |
| unix-ssh-logout |
unix-unix-str-endpoint-logout-disconnected |
| unix-ssh-logout-1 |
unix-unix-str-endpoint-logout-sshdreceiveddisconnect |
| unix-ssh-logout-2 |
unix-unix-str-endpoint-logout-sshdconnectionclosed |
| unix-ssh-logout-3 |
unix-unix-str-endpoint-logout-sshddisconnected |
| unix-sshd-fail-34 |
unix-unix-str-endpoint-activity-fail-sshdfatal |
| unix-sshd-logout-1 |
unix-unix-str-endpoint-logout-success-connectionclosed |
| unix-sshd-logout-2 |
unix-unix-str-endpoint-logout-success-receiveddisconnect |
| unix-su |
unix-unix-str-endpoint-notification-pamunix |
| unix-su-1 |
unix-unix-str-endpoint-notification-auth |
| unix-su-37 |
unix-unix-str-user-switch-success-messageforwarded |
| unix-system-event-1 |
unix-unix-kv-endpoint-activity-success-shellcmd |
| unix-system-event-2 |
unix-unix-str-app-notification-success-stpnotifiedtc |
| unix-system-event-3 |
unix-unix-kv-endpoint-activity-fail-shellcmdmatchfail |
| unix-system-event-4 |
unix-unix-str-app-notification-success-phonymodule |
| unix-system-event-5 |
unix-unix-str-app-notification-success-loginfo |
| unix-system-event-6 |
unix-unix-str-endpoint-time-modify-success-stratumchanged |
| unix-system-event-7 |
unix-unix-str-endpoint-notification-success-statistics |
| unix-system-event-8 |
unix-unix-str-app-notification-success-drvdebug |
| unix-system-events |
unix-unix-str-endpoint-activity-system |
| unix-system-info |
unix-unix-mix-endpoint-logout-sessionclosed |
| unix-system-info-1 |
unix-unix-str-endpoint-notification-passwordexpire |
| unix-system-info-10 |
unix-unix-str-endpoint-activity-success-rgmanager |
| unix-system-info-11 |
unix-unix-str-endpoint-login-sshdconnectionfrom |
| unix-system-info-12 |
unix-unix-str-app-activity-sftp-server |
| unix-system-info-13 |
unix-unix-kv-endpoint-activity-success-postfix |
| unix-system-info-14 |
unix-unix-str-endpoint-notification-sshdset |
| unix-system-info-15 |
unix-unix-str-scheduled-task-start-anacron |
| unix-system-info-16 |
unix-unix-str-endpoint-notification-kernelusb |
| unix-system-info-17 |
"unix-unix-str-scheduled-task-start-anacronjob |
| unix-system-info-2 |
unix-unix-kv-endpoint-activity-success-puppetagent |
| unix-system-info-20 |
unix-unix-sk4-service-stop-success-servicestop |
| unix-system-info-21 |
unix-unix-sk4-endpoint-logout-success-sessionclose |
| unix-system-info-3 |
unix-unix-str-endpoint-authentication-sshderrorretrieve |
| unix-system-info-4 |
unix-unix-str-endpoint-activity-success-chroot |
| unix-system-info-5 |
unix-unix-str-user-modify-usermod |
| unix-system-info-6 |
unix-unix-str-app-activity-gofer |
| unix-system-info-7 |
unix-unix-kv-endpoint-notification-success-powerpath |
| unix-system-info-8 |
unix-unix-str-endpoint-activity-kernel |
| unix-system-info-9 |
"unix-unix-str-smtp-close-lostconnection |
| unix-system-info-audit |
unix-unix-kv-endpoint-activity-success-auditid |
| unix-system-info-auditd |
unix-ad-str-endpoint-activity-auditd |
| unix-system-info-cron |
unix-unix-str-endpoint-notification-success-cron |
| unix-system-info-crond |
"unix-unix-str-scheduled-task-start-crond |
| unix-system-info-rsyslogd-2177 |
unix-rsyslog-str-network-notification-2177 |
| unix-system-info-sshd |
"unix-unix-str-endpoint-login-sshdsessionopen |
| unix-system-info-stat |
unix-unix-json-endpoint-activity-success-command |
| unix-system-info-su |
unix-unix-str-user-switch-su |
| unix-system-info-sudo |
unix-unix-str-endpoint-activity-sudo |
| unix-system-info-systemd |
unix-unix-str-endpoint-activity-systemd |
| unix-system-info-unix |
unix-unix-str-endpoint-activity-success-unixid |
| unix-system_info-18 |
unix-unix-sk4-endpoint-notification-proctitle |
| unix-system_info-19 |
unix-unix-sk4-service-start-servicestart |
| unix-xinetd-info |
unix-unix-str-app-activity-xinetd |
| unix-xntpd-30 |
unix-unix-str-endpoint-time-modify-synchronized |
| upm-account-switch |
unix-privmgmt-str-user-switch-success-acceptedsu |
| upm-failed-account-switch |
unix-privmgmt-kv-user-switch-fail-upmlog |
| ur-authmgr-account-lockout |
dell-rsaauthmngr-csv-user-lock-success-authlockout |
| ur-authmgr-auth-failed |
dell-rsaauthmngr-csv-endpoint-login-fail-13002 |
| ur-authmgr-auth-failed-addition |
dell-rsaauthmngr-csv-endpoint-login-fail-auth |
| ur-authmgr-auth-successful |
dell-rsaauthmngr-csv-endpoint-login-success-13002 |
| usb-file-write |
usb-u-csv-peripheral-storage-activity-success-activity |