Data Source: Sysmon EventID 14
Description
Data source object for Sysmon EventID 14
Details
| Property | Value |
|---|---|
| Source | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational |
| Sourcetype | XmlWinEventLog |
| Separator | EventID |
Related Detections
| Name | Technique | Type |
|---|---|---|
| Windows Modify Registry to Add or Modify Firewall Rule | Modify Registry | Anomaly |
Supported Apps
- Splunk Add-on for Sysmon (version 5.0.0)
Event Fields
Fields
Source: GitHub | Version: 2