| AWS Cloudfront | AWS | aws:cloudfront:accesslogs | aws | Splunk Add-on for AWS |
| AWS CloudTrail | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail AssumeRoleWithSAML | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail ConsoleLogin | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CopyObject | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateAccessKey | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateKey | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateLoginProfile | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateNetworkAclEntry | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreatePolicyVersion | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateSnapshot | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateTask | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail CreateVirtualMFADevice | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeactivateMFADevice | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteAccountPasswordPolicy | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteAlarms | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteDetector | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteGroup | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteIPSet | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteLogGroup | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteLogStream | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteNetworkAclEntry | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeletePolicy | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteRule | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteSnapshot | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteTrail | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteVirtualMFADevice | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DeleteWebACL | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DescribeEventAggregates | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail DescribeImageScanFindings | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail GetAccountPasswordPolicy | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail GetObject | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail GetPasswordData | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail JobCreated | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail ModifyDBInstance | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail ModifyImageAttribute | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail ModifySnapshotAttribute | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutBucketAcl | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutBucketLifecycle | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutBucketReplication | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutBucketVersioning | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutImage | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail PutKeyPolicy | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail ReplaceNetworkAclEntry | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail SetDefaultPolicyVersion | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail StopLogging | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail UpdateAccountPasswordPolicy | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail UpdateLoginProfile | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail UpdateSAMLProvider | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudTrail UpdateTrail | AWS | aws:cloudtrail | aws_cloudtrail | Splunk Add-on for AWS |
| AWS CloudWatchLogs VPCflow | AWS | aws:cloudwatchlogs:vpcflow | aws_cloudwatchlogs_vpcflow | Splunk Add-on for AWS |
| AWS Security Hub | AWS | aws:securityhub:finding | aws_securityhub_finding | Splunk Add-on for AWS |
| Azure Active Directory | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Add app role assignment to service principal | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Add member to role | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Add owner to application | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Add service principal | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Add unverified domain | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Consent to application | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Disable Strong Authentication | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Enable account | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Invite external user | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Reset password (by admin) | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Set domain authentication | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Sign-in activity | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Update application | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Update authorization policy | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory Update user | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Active Directory User registered security info | Azure | azure:monitor:aad | Azure AD | Splunk Add-on for Microsoft Cloud Services |
| Azure Audit Create or Update an Azure Automation account | Azure | mscs:azure:audit | mscs:azure:audit | Splunk Add-on for Microsoft Cloud Services |
| Azure Audit Create or Update an Azure Automation Runbook | Azure | mscs:azure:audit | mscs:azure:audit | Splunk Add-on for Microsoft Cloud Services |
| Azure Audit Create or Update an Azure Automation webhook | Azure | mscs:azure:audit | mscs:azure:audit | Splunk Add-on for Microsoft Cloud Services |
| Bro | | bro:http:json | bro:http:json | |
| CircleCI | | circleci | circleci | App for CircleCI |
| CrowdStrike ProcessRollup2 | | crowdstrike:events:sensor | crowdstrike | Splunk Add-on for CrowdStrike FDR |
| CrushFTP | | crushftp:sessionlogs | crushftp | |
| G Suite Drive | | gsuite:drive:json | http:gsuite | Splunk Add-on for Google Workspace |
| G Suite Gmail | | gsuite:gmail:bigquery | http:gsuite | Splunk Add-on for Google Workspace |
| GitHub | AWS | aws:firehose:json | github | Splunk Add-on for Github |
| Google Workspace login_failure | | gws:reports:admin | gws:reports:admin | Splunk Add-on for Google Workspace |
| Google Workspace login_success | | gws:reports:admin | gws:reports:admin | Splunk Add-on for Google Workspace |
| Ivanti VTM Audit | | ivanti_vtm_audit | ivanti_vtm | |
| Kubernetes Audit | Kubernetes | _json | kubernetes | |
| Kubernetes Falco | Kubernetes | kube:container:falco | kubernetes | |
| Linux Auditd Add User | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Auditd Execve | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Auditd Path | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Auditd Proctitle | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Auditd Service Stop | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Auditd Syscall | Linux | linux:audit | /var/log/audit/audit.log | Splunk Add-on for Unix and Linux |
| Linux Secure | Linux | linux_secure | /var/log/secure | |
| MS365 Defender Incident Alerts | | ms365:defender:incident:alerts | ms365_defender_incident_alerts | Splunk Add-on for Microsoft Security |
| Nginx Access | | nginx:plus:kv | /var/log/nginx/access.log | |
| O365 | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add app role assignment grant to user. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add app role assignment to service principal. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add-MailboxPermission | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add member to role. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add owner to application. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Add service principal. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Change user license. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Consent to application. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Disable Strong Authentication. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 MailItemsAccessed | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 ModifyFolderPermissions | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Set Company Information. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Set-Mailbox | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update application. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update authorization policy. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 Update user. | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 UserLoggedIn | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| O365 UserLoginFailed | | o365:management:activity | o365 | Splunk Add-on for Microsoft Office 365 |
| Okta | | OktaIM2:log | Okta | Splunk Add-on for Okta Identity Cloud |
| osquery | | osquery:results | osquery | |
| Palo Alto Network Threat | Network | pan:threat | pan:threat | Palo Alto Networks Add-on |
| Palo Alto Network Traffic | Network | pan:traffic | screenconnect_palo_traffic | Palo Alto Networks Add-on |
| PingID | | XmlWinEventLog | XmlWinEventLog:Security | |
| Powershell Installed IIS Modules | Windows | Pwsh:InstalledIISModules | powershell://AppCmdModules | |
| Powershell Script Block Logging 4104 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-PowerShell/Operational | Splunk Add-on for Microsoft Windows |
| Powershell SIP Inventory | Windows | PwSh:SubjectInterfacePackage | powershell://SubjectInterfacePackage | |
| Splunk | Splunk | splunkd_ui_access | splunkd_ui_access.log | |
| Splunk Stream HTTP | Splunk | stream:http | stream:http | Splunk Stream |
| Splunk Stream IP | Splunk | stream:ip | stream:ip | Splunk Stream |
| Splunk Stream TCP | Splunk | stream:tcp | stream:tcp | Splunk Stream |
| Suricata | | suricata | suricata | |
| Sysmon EventID 1 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 10 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 11 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 12 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 13 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 15 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 17 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 18 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 20 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 21 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 22 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 23 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 3 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 5 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 6 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 7 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 8 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 9 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon for Linux EventID 1 | Linux | sysmon:linux | Syslog:Linux-Sysmon/Operational | Splunk Add-on for Sysmon for Linux |
| Sysmon for Linux EventID 11 | Linux | sysmon:linux | Syslog:Linux-Sysmon/Operational | Splunk Add-on for Sysmon for Linux |
| Windows Active Directory Admon | Windows | ActiveDirectory | ActiveDirectory | Splunk Add-on for Microsoft Windows |
| Windows Defender Alerts | Windows | mscs:azure:eventhub:defender:advancedhunting | eventhub://windowsdefenderlogs | Splunk add on for Microsoft Defender Advanced Hunting |
| Windows Event Log Application 2282 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log Application 3000 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log CAPI2 70 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-CAPI2/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log CAPI2 81 | Windows | xmlwineventlog | XmlWinEventLog:Microsoft-Windows-CAPI2/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log CertificateServicesClient 1007 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1121 | Windows | xmlwineventlog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1122 | Windows | xmlwineventlog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1129 | Windows | xmlwineventlog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 5007 | Windows | xmlwineventlog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Printservice 316 | Windows | WinEventLog | WinEventLog:Microsoft-Windows-PrintService/Admin | Splunk Add-on for Microsoft Windows |
| Windows Event Log Printservice 808 | Windows | WinEventLog | WinEventLog:Microsoft-Windows-PrintService/Admin | Splunk Add-on for Microsoft Windows |
| Windows Event Log RemoteConnectionManager 1149 | Windows | wineventlog | WinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 1100 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 1102 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4624 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4625 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4627 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4648 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4662 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4663 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4672 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4688 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4698 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4699 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4703 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4719 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4720 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4724 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4725 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4726 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4732 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4738 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4739 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4741 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4742 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4768 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4769 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4771 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4776 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4781 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4794 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4798 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4876 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4886 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4887 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5136 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5137 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5140 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5141 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5145 | Windows | xmlwineventlog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4720 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4726 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4728 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7036 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7040 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7045 | Windows | xmlwineventlog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log TaskScheduler 200 | Windows | wineventlog | WinEventLog:Microsoft-Windows-TaskScheduler/Operational | Splunk Add-on for Microsoft Windows |
| Windows IIS | Windows | IIS:Configuration:Operational | IIS:Configuration:Operational | Splunk Add-on for Microsoft Windows |
| Windows IIS 29 | Windows | IIS:Configuration:Operational | IIS:Configuration:Operational | Splunk Add-on for Microsoft Windows |