| xams-failed-app-login |
xiting-x-cef-app-login-fail-gescheitert |
| xams-system-info |
xiting-x-cef-app-activity-success-xams |
| xerox-print |
xerox-x-kv-printer-activity-success-colorduplexcount |
| xml-10000 |
"microsoft-evazureadppdca-xml-dll-load-success-10000 |
| xml-10014 |
"microsoft-azuread-xml-user-password-modify-success-10014 |
| xml-10015 |
"microsoft-azuread-xml-user-password-reset-success-10015 |
| xml-10016 |
"microsoft-evsystem-xml-dcom-activate-fail-10016 |
| xml-10016-1 |
"microsoft-azuread-xml-user-password-modify-fail-10016 |
| xml-10017 |
"microsoft-evazureadppdca-xml-user-password-reset-fail-10017 |
| xml-10024 |
"microsoft-azuread-xml-user-password-modify-success-10024 |
| xml-10025 |
"microsoft-azuread-xml-user-password-reset-success-10025 |
| xml-1009 |
"microsoft-defenderep-xml-alert-trigger-success-1009 |
| xml-104 |
"microsoft-windows-xml-log-clear-success-104 |
| xml-1074 |
"microsoft-evsystem-xml-endpoint-stop-1074 |
| xml-1100 |
"microsoft-evsecurity-xml-log-disable-1100 |
| xml-1101 |
"microsoft-evsecurity-xml-endpoint-notification-1101 |
| xml-1102 |
"microsoft-evsecurity-xml-log-clear-success-1102 |
| xml-1102-1 |
microsoft-evsecurity-kv-log-clear-success-logfileclear |
| xml-1105 |
"microsoft-evsecurity-xml-log-backup-1105 |
| xml-1116 |
"microsoft-defenderep-kv-alert-trigger-success-1116 |
| xml-1117 |
"microsoft-defenderep-kv-alert-trigger-success-1117 |
| xml-1149 |
"microsoft-evadfs-xml-rdp-traffic-success-1149 |
| xml-1310 |
"microsoft-evsecurity-xml-endpoint-login-fail-1310 |
| xml-16 |
"microsoft-evsystem-xml-endpoint-notification-16 |
| xml-20000 |
"microsoft-evazureadppdca-xml-service-start-success-20000 |
| xml-20001 |
microsoft-evsystem-xml-endpoint-notification-success-20001 |
| xml-30002 |
"microsoft-azuread-xml-user-password-modify-fail-30002 |
| xml-30003 |
"microsoft-evazureadppdca-xml-user-password-reset-fail-30003 |
| xml-30004 |
"microsoft-azuread-xml-user-password-modify-fail-30004 |
| xml-30005 |
"microsoft-evazureadppdca-xml-user-password-reset-fail-30005 |
| xml-30009 |
"microsoft-azuread-xml-user-password-reset-success-30009 |
| xml-30010 |
"microsoft-azuread-xml-user-password-modify-success-30010 |
| xml-30026 |
"microsoft-azuread-xml-user-password-modify-fail-30026 |
| xml-30027 |
"microsoft-evazureadppdca-xml-user-password-reset-fail-30027 |
| xml-30028 |
"microsoft-azuread-xml-user-password-modify-success-30028 |
| xml-30029 |
"microsoft-azuread-xml-user-password-reset-success-30029 |
| xml-30030 |
"microsoft-evazureadppdca-xml-app-authentication-success-30030 |
| xml-30035 |
"microsoft-evazureadppdca-xml-endpoint-activity-success-30035 |
| xml-30036 |
"microsoft-evazureadppdca-xml-endpoint-activity-fail-30036 |
| xml-30038 |
"microsoft-evazureadppdca-xml-endpoint-notification-success-30038 |
| xml-30042 |
"microsoft-evazureadppdca-xml-endpoint-notification-success-30042 |
| xml-30043 |
"microsoft-evazureadppdca-xml-endpoint-activity-success-30043 |
| xml-30044 |
"microsoft-evazureadppdca-xml-endpoint-activity-fail-30044 |
| xml-4608 |
"microsoft-evsecurity-xml-endpoint-start-4608 |
| xml-4610 |
"microsoft-evsecurity-xml-dll-load-4610 |
| xml-4611 |
"microsoft-evsecurity-xml-endpoint-notification-4611 |
| xml-4614 |
"microsoft-evsecurity-xml-dll-load-4614 |
| xml-4616 |
"microsoft-evsecurity-xml-endpoint-time-modify-4616 |
| xml-4622 |
"microsoft-evsecurity-xml-service-create-success-4622 |
| xml-4624 |
"microsoft-evsecurity-xml-endpoint-login-success-4624 |
| xml-4624-1 |
"microsoft-evsecurity-cef-endpoint-login-success-4624-1 |
| xml-4625 |
"microsoft-evsecurity-xml-endpoint-login-fail-4625 |
| xml-4625-1 |
"microsoft-evsecurity-xml-endpoint-login-fail-4625-1 |
| xml-4627 |
"microsoft-evsecurity-xml-endpoint-notification-4627-1 |
| xml-4634-1 |
"microsoft-evsecurity-cef-endpoint-logout-4634 |
| xml-4648 |
"microsoft-evsecurity-xml-user-switch-success-4648 |
| xml-4649 |
"microsoft-evsecurity-xml-alert-trigger-success-4649 |
| xml-4653 |
"microsoft-evsecurity-xml-endpoint-notification-4653-1 |
| xml-4654 |
"microsoft-evsecurity-xml-endpoint-notification-4654 |
| xml-4655 |
"microsoft-evsecurity-xml-endpoint-activity-4655 |
| xml-4657 |
"microsoft-evsecurity-xml-registry-create-success-4657 |
| xml-4659 |
"microsoft-evsecurity-xml-handle-request-4659 |
| xml-4662 |
"microsoft-evsecurity-xml-ds-object-activity-success-4662 |
| xml-4662-jp |
"microsoft-evsecurity-xml-ds-object-activity-success-4662-1 |
| xml-4663 |
"microsoft-evsecurity-xml-file-read-success-4663 |
| xml-4670 |
"microsoft-evsecurity-xml-file-permission-modify-4670-2 |
| xml-4670-1 |
"microsoft-evsecurity-xml-file-permission-modify-4670-1 |
| xml-4672 |
"microsoft-evsecurity-xml-user-privilege-assign-success-4672 |
| xml-4673 |
"microsoft-evsecurity-xml-user-privilege-assign-success-4673-1 |
| xml-4674 |
"microsoft-evsecurity-xml-user-privilege-use-success-4674-1 |
| xml-4674-1 |
"microsoft-evsecurity-cef-user-privilege-use-success-4674-2 |
| xml-4688 |
"microsoft-evsecurity-xml-process-create-success-4688 |
| xml-4689 |
"microsoft-evsecurity-xml-process-close-4689 |
| xml-4695 |
"microsoft-evsecurity-xml-endpoint-notification-4695 |
| xml-4699 |
"microsoft-evsecurity-xml-scheduled-task-delete-4699 |
| xml-4702 |
"microsoft-evsecurity-xml-scheduled-task-modify-4702-2 |
| xml-4702-1 |
"microsoft-evsecurity-xml-scheduled-task-modify-4702-1 |
| xml-4702-2 |
"microsoft-evsecurity-xml-scheduled-task-modify-taskupdated |
| xml-4703 |
"microsoft-evsecurity-xml-user-privilege-modify-4703 |
| xml-4719 |
"microsoft-evsecurity-xml-audit-policy-modify-success-4719 |
| xml-4731 |
microsoft-evsecurity-xml-group-create-success-4731 |
| xml-4735 |
"microsoft-evsecurity-xml-group-modify-success-4735-1 |
| xml-4738 |
"microsoft-evsecurity-xml-ds-object-modify-success-4738 |
| xml-4739 |
microsoft-windows-mix-configuration-modify-success-4739 |
| xml-4742-jp |
"microsoft-evsecurity-xml-ds-object-activity-success-4742 |
| xml-4767 |
"microsoft-evsecurity-xml-user-unlock-success-4767 |
| xml-4768 |
"microsoft-evsecurity-xml-endpoint-login-4768 |
| xml-4769 |
"microsoft-evsecurity-xml-endpoint-login-4769 |
| xml-4769-1 |
"microsoft-evsecurity-xml-endpoint-login-4769-2 |
| xml-4776 |
"microsoft-evsecurity-xml-endpoint-login-4776 |
| xml-4778 |
"microsoft-evsecurity-xml-rdp-traffic-success-4778 |
| xml-4779 |
"microsoft-evsecurity-xml-endpoint-logout-success-4779 |
| xml-4793 |
"microsoft-evsecurity-xml-endpoint-notification-4793 |
| xml-4797 |
"microsoft-evsecurity-xml-endpoint-notification-4797 |
| xml-4798 |
"microsoft-evsecurity-xml-group-list-4798-1 |
| xml-4798-1 |
"microsoft-evsecurity-xml-group-list-4798 |
| xml-4799 |
"microsoft-evsecurity-xml-group-member-list-4799-1 |
| xml-4800 |
"microsoft-evsecurity-xml-endpoint-lock-success-4800 |
| xml-4801 |
"microsoft-evsecurity-xml-endpoint-unlock-success-4801 |
| xml-4816 |
"microsoft-evsecurity-xml-network-notfication-4816 |
| xml-4822 |
"microsoft-evsecurity-xml-endpoint-authentication-fail-4822 |
| xml-4825 |
"microsoft-windows-xml-endpoint-login-fail-4825 |
| xml-4826 |
"microsoft-evsecurity-xml-configuration-load-4826 |
| xml-4902 |
"microsoft-evsecurity-xml-endpoint-notification-4902 |
| xml-4904 |
"microsoft-evsecurity-xml-audit-policy-modify-4904 |
| xml-4905 |
"microsoft-evsecurity-xml-audit-policy-modify-4905 |
| xml-4907 |
"microsoft-evsecurity-xml-audit-policy-modify-4907 |
| xml-4946 |
"microsoft-evsecurity-xml-policy-modify-4946 |
| xml-4981 |
"microsoft-evsecurity-xml-network-session-success-4981 |
| xml-4984 |
"microsoft-evsecurity-xml-network-session-fail-4984 |
| xml-5024 |
"microsoft-evsecurity-xml-endpoint-notification-5024 |
| xml-5031 |
"microsoft-evsecurity-xml-endpoint-notification-5031 |
| xml-5033 |
"microsoft-evsecurity-xml-endpoint-notification-5033 |
| xml-5038 |
"microsoft-evsecurity-xml-driver-load-fail-5038 |
| xml-5058 |
"microsoft-evsecurity-xml-file-5058-1 |
| xml-5059 |
"microsoft-evsecurity-xml-key-migrate-5059-1 |
| xml-5061 |
"microsoft-evsecurity-xml-key-5061-2 |
| xml-5136 |
"microsoft-evsecurity-xml-ds-object-modify-success-5136 |
| xml-5137 |
"microsoft-evsecurity-xml-ds-object-create-success-5137 |
| xml-5138 |
"microsoft-evsecurity-xml-ds-object-restore-success-5138 |
| xml-5139 |
"microsoft-evsecurity-xml-ds-object-move-success-5139 |
| xml-5140 |
"microsoft-evsecurity-xml-share-access-success-5140 |
| xml-5141 |
"microsoft-evsecurity-xml-ds-object-delete-success-5141 |
| xml-5143 |
"microsoft-evsecurity-xml-share-modify-success-5143 |
| xml-5144 |
"microsoft-evsecurity-xml-share-delete-success-5144 |
| xml-5145 |
"microsoft-evsecurity-xml-share-access-5145 |
| xml-5145-1 |
"microsoft-evsecurity-xml-share-access-5145-1 |
| xml-5152 |
"microsoft-evsecurity-xml-network-traffic-fail-5152 |
| xml-5154 |
"microsoft-evsecurity-xml-network-listen-5154 |
| xml-5156 |
"microsoft-evsecurity-xml-network-session-success-5156 |
| xml-5157 |
"microsoft-evsecurity-xml-network-session-fail-5157 |
| xml-5158 |
"microsoft-evsecurity-xml-network-session-success-5158 |
| xml-5447 |
"microsoft-evsecurity-xml-policy-modify-5447 |
| xml-5451 |
"microsoft-evsecurity-xml-endpoint-activity-5451 |
| xml-5478 |
"microsoft-evsecurity-xml-service-create-success-5478 |
| xml-5723 |
"microsoft-evsystem-xml-endpoint-authentication-fail-5723 |
| xml-5823 |
"microsoft-evsystem-xml-endpoint-password-modify-5823 |
| xml-5829 |
"microsoft-evsystem-xml-alert-trigger-5829 |
| xml-5861 |
"microsoft-evsystem-xml-process-create-success-5861 |
| xml-6005 |
"microsoft-evsystem-xml-service-start-6005 |
| xml-6006 |
"microsoft-evsystem-xml-log-disable-6006 |
| xml-6144 |
"microsoft-evsecurity-xml-policy-apply-6144 |
| xml-6272 |
"microsoft-evnps-xml-radius-traffic-success-6272 |
| xml-6417 |
"microsoft-evsecurity-xml-endpoint-notification-6417 |
| xml-8004 |
"microsoft-evntlm-xml-endpoint-login-fail-8004 |
| xml-8015 |
"microsoft-evsecurity-xml-dns-record-create-fail-8015 |
| xml-8018 |
"microsoft-evsecurity-xml-dns-record-create-fail-8018 |
| xml-email-saas-o365-alert |
"microsoft-o365-xml-email-send-success-office365 |
| xml-iis-6200-web-activity |
"microsoft-iis-xml-http-session-6200 |
| xml-member-removed-2008 |
"microsoft-evsecurity-xml-group-member-remove-success-eventid |
| xml-microsoft-dns-query |
"microsoft-evdnsserver-xml-dns-request-success-256 |
| xml-mssql-database-login |
"microsoft-mssql-xml-database-login-qualifiers |
| xml-mssql-database-login-1 |
"microsoft-mssql-xml-database-login-audit |
| xml-netapp-4659 |
"microsoft-evsecurity-xml-handle-request-success-4659 |
| xml-nps-logon |
"microsoft-evsecurity-xml-radius-traffic-627 |
| xml-powershell-4104 |
"microsoft-evpowershell-xml-script-execute-success-4104 |
| xml-powershell-4105 |
"microsoft-evpowershell-xml-script-execute-4105 |
| xml-powershell-4106 |
"microsoft-evpowershell-xml-endpoint-notification-4106 |
| xml-sophos-security-alert |
"sophos-ep-xml-alert-trigger-success-antivirus |
| xml-sysmon-alert |
"microsoft-sysmon-xml-alert-trigger-success-25 |
| xml-sysmon-config-change |
"microsoft-sysmon-xml-log-4 |
| xml-sysmon-config-change-1 |
"microsoft-sysmon-xml-dll-load-7 |
| xml-sysmon-dns-query |
"microsoft-sysmon-xml-dns-request-success-query |
| xml-sysmon-file-create |
"microsoft-sysmon-xml-file-write-success-11 |
| xml-sysmon-file-write |
"microsoft-sysmon-xml-file-write-success-13 |
| xml-sysmon-file-write-1 |
"microsoft-sysmon-xml-registry-12 |
| xml-sysmon-file-write-2 |
"microsoft-sysmon-xml-file-stream-create-15 |
| xml-sysmon-file-write-3 |
"microsoft-sysmon-xml-file-time-modify-2-1 |
| xml-sysmon-process-created |
"microsoft-sysmon-xml-process-create-success-processcreate |
| xml-sysmon-process-created-1 |
"microsoft-sysmon-xml-process-create-success-processcreate-1 |
| xml-sysmon-process-created-2 |
"microsoft-sysmon-xml-process-create-success-processcreate-2 |
| xml-sysmon-process-terminated |
"microsoft-sysmon-xml-process-close-5 |
| xml-windows-defender-av-1000 |
"microsoft-defenderep-xml-endpoint-scan-success-1000 |
| xml-windows-defender-av-1001 |
"microsoft-defenderep-xml-endpoint-scan-success-1001 |
| xml-windows-defender-av-1002 |
"microsoft-defenderep-xml-endpoint-scan-success-1002 |
| xml-windows-defender-av-1013 |
"microsoft-defenderep-xml-report-create-success-1013 |
| xml-windows-defender-av-1150 |
"microsoft-defenderep-xml-app-notification-success-1150 |
| xml-windows-defender-av-1151 |
"microsoft-defenderep-xml-report-create-success-1151 |
| xml-windows-defender-av-2000 |
"microsoft-defenderep-xml-configuration-modify-success-2000 |
| xml-windows-defender-av-2010 |
"microsoft-defenderep-xml-configuration-modify-success-2010 |
| xml-windows-defender-av-2011 |
"microsoft-defenderep-xml-configuration-modify-success-2011 |
| xml-windows-defender-av-5007 |
"microsoft-defenderep-xml-configuration-modify-success-5007 |
| xml-windows-event-3150 |
"microsoft-evdnsserver-xml-app-notification-3150 |
| xml-windows-event-5502 |
"microsoft-evdnsserver-xml-dns-traffic-fail-5502 |
| xml-windows-event-6001 |
"microsoft-evdnsserver-xml-network-notification-6001 |
| xml-windows-event-6004 |
"microsoft-evdnsserver-xml-network-notification-6004 |
| xml-windows-event-6522 |
"microsoft-evdnsserver-xml-network-notification-6522 |
| xml-windows-event-7050 |
"microsoft-evdnsserver-xml-dns-response-fail-7050 |
| xml-windows-events-1 |
"microsoft-windows-xml-app-activity-success-10036 |
| xplan-csv-failed-physical-access-1 |
xplan-x-csv-physical-location-access-fail-accessdenied |
| xplan-csv-failed-physical-access-2 |
xplan-x-csv-physical-location-access-fail-cardexpired |
| xplan-csv-failed-physical-access-3 |
xplan-x-csv-physical-location-access-fail-cardresend |
| xplan-csv-failed-physical-access-4 |
xplan-x-csv-physical-location-access-fail-passbackattemped |
| xplan-csv-physical-access-1 |
xplan-x-csv-physical-location-access-success-accessgranted |
| xplan-csv-physical-access-2 |
xplan-x-csv-physical-location-access-success-controlrelinquished |