| watchguard-event-2 |
watchguard-w-kv-network-traffic-firewall-1 |
| watchguard-event-3 |
watchguard-w-kv-network-traffic-firewall-2 |
| watchguard-system-info |
watchguard-w-str-app-notification-appinfo |
| watchguard-web-activity |
watchguard-w-kv-http-session-success-httprequest |
| watchguard-web-activity-1 |
watchguard-w-kv-http-session-httpsrequest |
| watchguard-web-activity-2 |
watchguard-w-kv-http-session-success-proxyallow |
| watchguard-web-activity-deny |
watchguard-w-kv-http-session-fail-proxydeny |
| watchguard-web-activity-drop |
watchguard-w-kv-http-session-fail-proxydrop |
| wazuh-4624 |
microsoft-evsecurity-json-endpoint-login-success-4624-5 |
| wazuh-4625 |
wazuh-evsecurity-kv-endpoint-login-fail-4625 |
| wazuh-4634 |
microsoft-evsecurity-json-endpoint-logout-success-4634-2 |
| wazuh-4656 |
microsoft-evsecurity-json-handle-request-success-4656 |
| wazuh-4673 |
microsoft-evsecurity-json-user-privilege-use-success-wazuhalerts |
| wazuh-4738 |
microsoft-evsecurity-json-ds-object-modify-success-4738-1 |
| wazuh-4767 |
microsoft-evsecurity-json-user-unlock-success-4767-3 |
| wazuh-4776 |
microsoft-evsecurity-json-endpoint-login-windows |
| wazuh-4779 |
microsoft-evsecurity-json-endpoint-logout-success-4779-1 |
| wazuh-general-catch-all |
wazuh-w-json-endpoint-activity-success-wazuhalerts |
| wazuh-kernel-usb-insert |
wazuh-w-json-peripheral_storage-insert-success-wazuhalerts |
| wazuh-ossec-rootcheck-alert |
ossec-o-json-alert-trigger-success-anomalydetection |
| wazuh-pam-auth-fail |
unix-unix-json-endpoint-authentication-fail-userloginfail |
| wazuh-ping-app-login-2 |
pingidentity-pi-json-app-login-success-sso-1 |
| wazuh-ping-auth-attempt |
pingidentity-pi-json-app-authentication-success-wazuhalerts |
| wazuh-sql-login |
microsoft-windows-json-app-login-wazuhalerts |
| wazuh-ssh-catch-all |
unix-unix-json-endpoint-activity-success-parent |
| wazuh-ssh-failed-login |
unix-unix-json-endpoint-login-fail-sshd-1 |
| wazuh-ssh-failed-login-2 |
unix-unix-json-endpoint-login-fail-authfailures |
| wazuh-ssh-login |
unix-unix-json-ssh-traffic-success-wazuhalerts |
| wazuh-sys-auth-fail |
unix-unix-json-endpoint-authentication-fail-userauthfail |
| wazuh-syscheck |
ossec-o-json-app-activity-success-wazuhalerts |
| wazuh-system-info |
wazuh-w-cef-app-activity-success-wazuhalerts |
| wazuh-system-info-2 |
wazuh-w-cef-app-notification-success-wazuhalerts |
| wazuh-unix-as |
unix-unix-json-user-switch-success-sessionopenforuser |
| wazuh-unix-chkpwd-fail |
unix-unix-json-endpoint-login-fail-passwordcheckfailed |
| wazuh-unix-password-change |
unix-unix-json-user-password-modify-success-changedpassword |
| wazuh-unix-su |
unix-unix-json-user-switch-success-wazuhalerts |
| wazuh-unix-sudo |
unix-unix-json-user-switch-success-sudo |
| wazuh-unix-sudo-su |
unix-unix-json-user-switch-success-wazuhalerts-1 |
| wazuh-unix-sudo-su-2 |
unix-unix-json-user-switch-success-wazuhalerts-2 |
| wazuh-usb-disconnect |
wazuh-w-json-peripheral_storage-remove-success-usbdevicedisconnected |
| wazuh-windows-catch-all |
wazuh-w-json-endpoint-activity-success-wazuhalerts-1 |
| wazuh-windows-security-catch-all |
wazuh-w-json-endpoint-activity-success-typewazuhalerts |
| wdac-process-alert-3076 |
microsoft-wdac-str-alert-trigger-success-3076 |
| wdac-security-alert-3089 |
microsoft-wdac-str-alert-trigger-success-3089 |
| wdac-system-event-3033 |
microsoft-wdac-str-endpoint-notification-success-3033 |
| wdac-system-event-3099 |
microsoft-wdac-str-endpoint-notification-success-3099 |
| weblogin-app-activity |
weblogin-w-kv-app-notification-webactivity |
| weblogin-app-activity-1 |
weblogin-w-kv-http-session-success-httpredirect |
| websense-dlp-email-alert-in |
forcepoint-wsg-cef-email-receive-success-subjectmessage |
| websense-proxy |
forcepoint-wsg-cef-http-session-security |
| websense-proxy-1 |
forcepoint-wsg-leef-http-session-webactivity |
| websense-proxy-2 |
forcepoint-wsg-kv-http-session-webactivity |
| websense-proxy-3 |
forcepoint-wsg-kv-http-session-websensewsg |
| websense-usb-activity |
forcepoint-dlp-cef-peripheral_storage-insert-success-removablemedia |
| win-def-mal-detect |
microsoft-defenderep-kv-alert-trigger-success-virus |
| win-disable-device |
"microsoft-windows-xml-peripheral-storage-activity-success-devicewasdisable |
| win-disable-device-request |
"microsoft-windows-xml-peripheral-storage-activity-success-disable |
| win-enable-device |
"microsoft-evsecurity-xml-peripheral-storage-insert-success-enabledevice |
| win-enable-device-request |
"microsoft-windows-xml-peripheral-storage-activity-success-enableadevice |
| win-external-device-recog |
"microsoft-evsecurity-xml-peripheral-storage-insert-success-devicewasrecognized |
| win-external-device-recog-1 |
microsoft-evsecurity-kv-peripheralstorage-insert-success-6416 |
| win-powershell-command |
"microsoft-evpowershell-xml-process-create-success-4103 |
| windows-1102 |
microsoft-evsecurity-kv-http-request-success-1102 |
| windows-4768-1 |
microsoft-evsecurity-json-endpoint-login-4768-1 |
| windows-4793 |
microsoft-evsecurity-kv-endpoint-notification-success-4793-1 |
| windows-4954 |
microsoft-evsecurity-kv-policy-apply-4954 |
| windows-6144 |
microsoft-evsecurity-kv-policy-apply-6144 |
| windows-6145 |
microsoft-evsecurity-kv-policy-apply-fail-6145 |
| windows-defender-endpoint-1 |
microsoft-defenderep-str-app-notification-upandrunning |
| windows-defender-endpoint-10 |
microsoft-defenderep-str-app-notification-avsignatureupdated |
| windows-defender-endpoint-11 |
microsoft-defenderep-str-endpoint-scan-scanhasstarted |
| windows-defender-endpoint-12 |
microsoft-defenderep-str-app-notification-stateupdated |
| windows-defender-endpoint-13 |
microsoft-defenderep-kv-app-notification-scanfinished |
| windows-defender-endpoint-14 |
microsoft-defenderep-str-app-notification-versionupdated-1 |
| windows-defender-endpoint-15 |
microsoft-defenderep-str-app-notification-encounterederror |
| windows-defender-endpoint-2 |
microsoft-defenderep-str-configuration-modify-config-changed |
| windows-defender-endpoint-3 |
microsoft-defenderep-str-app-notification-clienthealthreport |
| windows-defender-endpoint-4 |
microsoft-defenderep-str-endpoint-scan-fail-scanstopped |
| windows-defender-endpoint-5 |
microsoft-defenderep-str-app-notification-versionupdated |
| windows-defender-endpoint-6 |
microsoft-defenderep-kv-endpoint-scan-updated |
| windows-defender-endpoint-7 |
microsoft-defenderep-kv-endpoint-scan-success-scanstarted |
| windows-defender-endpoint-8 |
microsoft-defenderep-str-endpoint-scan-scanfinished |
| windows-defender-endpoint-9 |
microsoft-defenderep-str-app-notification-removedhistory |
| windows-dns-network-connection |
microsoft-windows-kv-network-traffic-success-networkconn-1 |
| windows-dns-query |
microsoft-windows-str-dns-request-success-udpquesinfo |
| windows-dns-query-1 |
microsoft-windows-str-dns-request-success-packetqm |
| windows-dns-query-2 |
microsoft-windows-kv-dns-request-success-response |
| windows-dns-query-3 |
microsoft-windows-str-dns-request-success-queryq |
| windows-dns-query-4 |
microsoft-windows-str-dns-request-success-packetu |
| windows-dns-query-5 |
microsoft-windows-str-dns-request-success-packetn |
| windows-dns-response |
microsoft-windows-kv-dns-response-success-udpresponseinfo |
| windows-dns-response-1 |
microsoft-windows-str-dns-response-success-packetrq |
| windows-dns-response-2 |
microsoft-windows-kv-dns-response-success-flags |
| windows-dns-response-3 |
microsoft-windows-str-dns-response-success-packetru |
| windows-events-4624 |
microsoft-evsecurity-json-endpoint-login-success-4624-6 |
| windows-events-4648 |
microsoft-evsecurity-kv-endpoint-login-success-4648-2 |
| windows-events-4672 |
microsoft-evsecurity-json-user-privilege-assign-success-4672-2 |
| windows-events-4696 |
microsoft-evsecurity-json-process-token-assign-success-4696 |
| windows-events-4769 |
microsoft-evsecurity-json-endpoint-login-4769-8 |
| windows-events-4776 |
microsoft-evsecurity-json-endpoint-login-fail-4776 |
| windows-kinesis-firehose-4624 |
microsoft-evsecurity-sk4-endpoint-login-success-4624 |
| windows-kinesis-firehose-5145 |
microsoft-evsecurity-sk4-share-access-5145-8 |
| windows-kinesis-firehose-5156 |
microsoft-evsecurity-sk4-network-session-success-5156 |
| windows-powershell-800 |
microsoft-evdnsserver-kv-process-create-success-800-2 |
| windows-rdp-login |
"microsoft-evterminalservicesgateway-xml-endpoint-login-terminalservice-21 |
| windows-server-system-events |
microsoft-evapp-kv-endpoint-activity-success-1530 |
| windows-system-info |
microsoft-evsystem-kv-endpoint-notification-success-notification |
| windows-system-info-10 |
microsoft-evdirservice-kv-app-notification-success-1865 |
| windows-system-info-11 |
microsoft-evdirservice-kv-app-notification-success-1311 |
| windows-system-info-12 |
microsoft-evdirservice-kv-app-notification-success-1566 |
| windows-system-info-13 |
microsoft-evdirservice-kv-app-notification-success-1864 |
| windows-system-info-14 |
microsoft-evdirservice-kv-app-notification-success-701 |
| windows-system-info-15 |
microsoft-evdirservice-kv-app-notification-success-700 |
| windows-system-info-16 |
microsoft-evdfsrep-kv-ds-replication-start-fail-5008 |
| windows-system-info-17 |
microsoft-evdirservice-kv-app-notification-success-1162 |
| windows-system-info-18 |
microsoft-evdfsrep-kv-ds-replication-fail-5014 |
| windows-system-info-19 |
microsoft-evdfsrep-kv-ds-replication-start-success-5004 |
| windows-system-info-2 |
microsoft-evsecurity-kv-endpoint-activity-success-4665 |
| windows-system-info-20 |
microsoft-evdirservice-kv-app-notification-success-3041 |
| windows-system-info-21 |
microsoft-evdirservice-kv-app-notification-success-2887 |
| windows-system-info-3 |
microsoft-evsecurity-kv-endpoint-activity-success-4666 |
| windows-system-info-4 |
microsoft-evsecurity-kv-endpoint-activity-success-4667 |
| windows-system-info-5 |
microsoft-evsecurity-kv-endpoint-activity-success-26401 |
| windows-system-info-6 |
microsoft-evkernelio-str-endpoint-activity-success-endpointactivity |
| windows-system-info-7 |
microsoft-evliveid-kv-endpoint-activity-success-endpointactivity |
| windows-system-info-8 |
microsoft-evknownfolders-str-endpoint-activity-success-endpointactivity |
| windows-system-info-9 |
microsoft-evlp-str-endpoint-activity-success-endpointactivity |
| windows-vpn-login-4979 |
microsoft-directaccess-csv-vpn-login-success-4979 |
| windows-vpn-login-4981 |
microsoft-directaccess-csv-vpn-login-success-4981 |
| windows-vpn-login-failed-4654 |
microsoft-directaccess-csv-vpn-login-fail-4654 |
| windows-vpn-logout-4655 |
microsoft-evsecurity-csv-network-close-success-4655 |
| windows-xml-1400 |
"microsoft-evapp-xml-endpoint-notification-success-1400 |
| windows-xml-2580 |
"microsoft-evsecurity-xml-endpoint-notification-success-2580 |
| windows-xml-2581 |
"microsoft-evsecurity-xml-endpoint-notification-success-2581 |
| windows-xml-4674 |
"microsoft-evsecurity-xml-user-privilege-use-success-4674 |
| windows-xml-4691 |
"microsoft-evsecurity-xml-endpoint-activity-success-4691 |
| windows-xml-4700 |
"microsoft-evsecurity-xml-scheduled-task-create-success-4700 |
| windows-xml-4720 |
"microsoft-evsecurity-xml-user-create-success-4720-2 |
| windows-xml-4722 |
"microsoft-evsecurity-xml-user-enable-success-4722 |
| windows-xml-4735-1 |
"microsoft-evsecurity-xml-group-modify-success-4735-3 |
| windows-xml-4742 |
"microsoft-evsecurity-xml-ds-object-modify-success-4742 |
| windows-xml-4780 |
"microsoft-evsecurity-xml-endpoint-notification-success-4780 |
| windows-xml-4886 |
"microsoft-evsecurity-xml-certificate-request-success-4886 |
| windows-xml-4887 |
"microsoft-evsecurity-xml-certificate-create-success-4887 |
| windows-xml-4911 |
"microsoft-evsecurity-xml-endpoint-activity-success-4911 |
| windows-xml-4952 |
"microsoft-evsecurity-xml-endpoint-notification-success-4952 |
| windows-xml-4954 |
"microsoft-evsecurity-xml-policy-apply-success-4954 |
| windows-xml-6145 |
"microsoft-evsecurity-xml-policy-apply-fail-6145 |
| windows-xml-98 |
"microsoft-windows-xml-endpoint-notification-success-98 |
| windows-xml-member-added-2008 |
"microsoft-evsecurity-xml-group-member-add-success-eventid47 |
| windows-xml-powershell-800 |
"microsoft-evdnsserver-xml-process-create-success-800-1 |
| windows-xml-powershell-process-created |
"microsoft-evterminalservicesgateway-xml-process-create-success-400 |
| windows-xml-powershell-process-created-1 |
"microsoft-evsecurity-xml-process-create-success-600 |
| windows-xml-powershell-process-created-2 |
"microsoft-evpowershell-xml-process-create-success-4103 |
| wininit-process-info-12 |
"windows-evsystem-xml-endpoint-notification-12 |
| wiz-app-login |
wiz-w-json-app-login-success-federatedauth |
| wiz-delete-user |
wiz-w-csv-user-delete-success-deleteuser |
| wiz-system-info-1 |
wiz-w-mix-app-notification-success-finalizecicdscan |
| wiz-system-info-2 |
wiz-w-mix-app-notification-success-initiatedisk |
| wls-4611 |
microsoft-evsecurity-csv-endpoint-notification-success-4611 |
| wls-4624 |
microsoft-evsecurity-kv-endpoint-login-success-4624-5 |
| wls-4625 |
microsoft-evsecurity-kv-endpoint-login-fail-4625-6 |
| wls-4663 |
microsoft-evsecurity-kv-file-read-success-4663 |
| wls-4688 |
microsoft-evsecurity-kv-process-create-success-4688wls |
| wls-4720 |
microsoft-evsecurity-kv-user-create-success-4720-2 |
| wls-4723 |
microsoft-evsecurity-kv-user-password-modify-4723-3 |
| wls-4724 |
microsoft-evsecurity-kv-user-password-reset-success-4724-3 |
| wls-4725 |
microsoft-evsecurity-kv-user-disable-success-4725-1 |
| wls-4726 |
microsoft-evsecurity-kv-user-delete-fail-wls |
| wls-4740 |
microsoft-evsecurity-kv-user-lock-success-4740-2 |
| wls-4768 |
microsoft-evsecurity-kv-endpoint-login-4768-6 |
| wls-4769 |
microsoft-evsecurity-kv-endpoint-login-4769-3 |
| wls-4771 |
microsoft-evsecurity-kv-endpoint-login-fail-4771-2 |
| wls-4776 |
microsoft-evsecurity-kv-endpoint-login-4776-3 |
| wls-627 |
microsoft-evsecurity-kv-user-password-modify-627-2 |
| wls-644 |
microsoft-evsecurity-kv-user-delete-fail-644 |
| wls-675 |
microsoft-evsecurity-kv-endpoint-login-fail-675 |
| wls-member-added-2008-notype |
microsoft-evsecurity-kv-group-member-add-success-wls |
| wls-windows-privileged-access |
microsoft-evsecurity-kv-user-privilege-success-467 |
| workday-app-activity-1 |
workday-wd-json-app-activity-success-activityaction |
| workday-app-activity-2 |
workday-wd-json-app-activity-success-appactivity |
| workday-app-login-1 |
workday-wd-json-app-login-success-startnewsession |
| workday-app-login-2 |
workday-wd-json-app-login-success-startnewsession-1 |