<span class="pill kill-chain">_time</span>
</div>
Data Source: Windows Event Log Security 4728
Description
Data source object for Windows Event Log Security 4728
Details
| Property | Value |
|---|---|
| Source | XmlWinEventLog:Security |
| Sourcetype | XmlWinEventLog |
| Separator | EventCode |
Related Detections
| Name | Technique | Type |
|---|---|---|
| Windows AD add Self to Group | Account Manipulation | TTP |
| Windows AD Privileged Group Modification | Account Manipulation | TTP |
Supported Apps
- Splunk Add-on for Microsoft Windows (version 9.1.2)
Event Fields
Fields
Required Output Fields
- dest
Source: GitHub | Version: 2