Windows Data Sources Data Sources

Name Platform Sourcetype Source Supported TA Date
Windows Event Log Microsoft Windows TerminalServices RDPClient 1024 Windows icon Windows WinEventLog WinEventLog:Microsoft-Windows-TerminalServices-RDPClient/Operational
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/d195eb26-a81c-45ed-aeb3-25792e8a985a/">Windows Event Log Security 4688</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/91738e9e-d112-41c9-b91b-e5868d8993d7/">Windows Defender Alerts</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            mscs:azure:eventhub:defender:advancedhunting
        </td>
        <td class="col-3">
            eventhub://windowsdefenderlogs
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4f2ccf42-3503-4417-a684-bfccf7f0d7b4/">Powershell Installed IIS Modules</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            Pwsh:InstalledIISModules
        </td>
        <td class="col-3">
            powershell://AppCmdModules
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5cfd0c72-d989-47a0-92f9-6edc6f8d3564/">Powershell Script Block Logging 4104</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-PowerShell/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5ef5cb5d-1fa8-4567-b48f-27317662cd73/">Powershell SIP Inventory</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            PwSh:SubjectInterfacePackage
        </td>
        <td class="col-3">
            powershell://SubjectInterfacePackage
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/b375f4d1-d7ca-4bc0-9103-294825c0af17/">Sysmon EventID 1</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/659cd5a8-148a-4c59-ade1-05f41ac1b096/">Sysmon EventID 10</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/f3db9179-f4f5-416d-bc03-39f4d4ff699e/">Sysmon EventID 11</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/3ef28798-8eaa-4fd2-b074-6f36d08a1b33/">Sysmon EventID 12</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/19cd00ee-f65f-48ca-bb08-64aac28638ce/">Sysmon EventID 13</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/95785e02-93b4-47e2-81f1-be326295348e/">Sysmon EventID 15</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/08924246-c8e8-4c95-a9fc-633c43cc82df/">Sysmon EventID 17</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/37eb3554-214e-4e66-af10-c3ffc5b8ca82/">Sysmon EventID 18</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/aeee5374-3203-4286-b744-a8cc4ad1cd7e/">Sysmon EventID 20</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/304384bc-715e-4958-988b-a8051a91349a/">Sysmon EventID 21</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/911538b2-eba7-4d3e-85e8-d82d380c37bf/">Sysmon EventID 22</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5ea2721d-f60c-4f48-a047-47d514e327c3/">Sysmon EventID 23</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/01d84dff-4e26-422c-9389-6a579ee6e75b/">Sysmon EventID 3</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/556471bf-44fa-44e6-97e2-eb25416aeb6d/">Sysmon EventID 5</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/eadc297a-c20c-45a1-8fac-74ad54019767/">Sysmon EventID 6</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/45512fa5-4d55-4088-9d51-f4dedc16fdff/">Sysmon EventID 7</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/df7a786c-ade0-48f0-8596-26f10d169f7d/">Sysmon EventID 8</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ae4a6a24-9b8c-4386-a7ac-677d7ad5bf09/">Sysmon EventID 9</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/22bbf4e4-d313-43c1-98ee-808b8775519d/">Windows Active Directory Admon</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            ActiveDirectory
        </td>
        <td class="col-3">
            ActiveDirectory
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4490537e-5e0c-46f7-9209-f56f852aa237/">Windows Event Log Application 2282</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            XmlWinEventLog
        </td>
        <td class="col-3">
            XmlWinEventLog:Application
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/3911945d-9222-408d-b851-9b1bce4c2d24/">Windows Event Log Application 3000</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            XmlWinEventLog
        </td>
        <td class="col-3">
            XmlWinEventLog:Application
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/821de0a6-c5b4-491b-a27e-187552792817/">Windows Event Log CAPI2 70</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-CAPI2/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/463ff898-8135-4c0e-811e-f8629dfc5027/">Windows Event Log CAPI2 81</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-CAPI2/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/c51444e3-479d-4c4a-b111-e8276a3acf39/">Windows Event Log CertificateServicesClient 1007</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            XmlWinEventLog
        </td>
        <td class="col-3">
            XmlWinEventLog:Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/84a254c5-7900-4b52-a324-a176adb7c11d/">Windows Event Log Defender 1121</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-Windows Defender/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4a2d0499-f489-4557-82f4-f357025cf3e7/">Windows Event Log Defender 1122</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-Windows Defender/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0572e119-a48a-4c70-bc58-90e453edacd2/">Windows Event Log Defender 1129</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-Windows Defender/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/27f18792-8d95-4871-8853-874b7faf023f/">Windows Event Log Defender 5007</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-Windows Defender/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/12f0be8b-22c0-4fdf-9468-b7ccca824d1d/">Windows Event Log Printservice 316</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            WinEventLog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-PrintService/Admin
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/e3a26785-4389-4830-8d7b-3dad4252719e/">Windows Event Log Printservice 808</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            WinEventLog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-PrintService/Admin
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/08f9edb4-f95f-40be-b1dd-bc3a1cd95aaf/">Windows Event Log RemoteConnectionManager 1149</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            wineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/2a25dafa-691e-4cb2-ae59-07a48867ed9a/">Windows Event Log Security 1100</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/8db7b91a-6d7a-40e7-bfac-06f8e901a9cb/">Windows Event Log Security 1102</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/08682968-0366-4882-9559-fe4fe018a846/">Windows Event Log Security 4624</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/365a02c2-7d18-4baf-b76e-d90c20bbe6ed/">Windows Event Log Security 4625</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/e35c7b9a-b451-4084-95a5-43b7f8965cac/">Windows Event Log Security 4627</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/6a367f8b-1ee0-463d-94a7-029757c6cd02/">Windows Event Log Security 4648</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/f3c2cd64-0b5f-4013-8201-35dc03828ec6/">Windows Event Log Security 4662</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/5d6dca8c-dad9-494f-a321-ef2b0b92fbf4/">Windows Event Log Security 4663</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/43f189b6-369d-4a32-a34c-57e0d38d92f1/">Windows Event Log Security 4672</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/32c06703-02d3-47ec-8856-b0dc3045866c/">Windows Event Log Security 4698</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4727dead-d063-4333-9ddd-59823a416aff/">Windows Event Log Security 4699</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/e256673b-16e8-4b74-b7aa-9eed6ce67072/">Windows Event Log Security 4703</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/954033e6-dd05-4775-a1f2-1f19632f4420/">Windows Event Log Security 4719</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/7ef1c9e5-691b-48c2-811b-eba91d2d2f1d/">Windows Event Log Security 4720</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/117fe51f-93f8-4589-8e8b-c6b7b7154c7d/">Windows Event Log Security 4724</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/31fd887d-0d14-44cc-bb64-80063a9f2968/">Windows Event Log Security 4725</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0b56dcd7-0f72-4a05-9226-d6059781737b/">Windows Event Log Security 4726</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/b0d61c5d-aefe-486a-9152-de45cc10fbb4/">Windows Event Log Security 4732</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/cb85709b-101e-41a9-bb60-d2108f79dfbd/">Windows Event Log Security 4738</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/c1e0442a-8a97-405d-baf2-057c5d68cd9a/">Windows Event Log Security 4739</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ef87257f-e7d1-4856-abae-097b2cfdcdb4/">Windows Event Log Security 4741</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ea830adf-5450-489a-bcdc-fb8d2cbe674c/">Windows Event Log Security 4742</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4a5fd6ed-66bd-4f34-bc74-51c00c73c298/">Windows Event Log Security 4768</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/358d5520-f40b-4fa2-b799-966c030cb731/">Windows Event Log Security 4769</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/418debbb-adf3-48ec-9efd-59d45f8861e5/">Windows Event Log Security 4771</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/1da9092a-c795-4a26-ace8-d43855524e96/">Windows Event Log Security 4776</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/9732ffe7-ebce-4557-865c-1725a0f633cb/">Windows Event Log Security 4781</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/ec7da74f-274a-4bde-aa0e-15c68aca0426/">Windows Event Log Security 4794</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/29e97f72-eb2e-400e-b0c9-81277547e43b/">Windows Event Log Security 4798</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4a78722a-9cd9-44e8-b010-dffad5c7f170/">Windows Event Log Security 4876</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/c5abd97d-b468-451f-bd65-b4f97efa4ecc/">Windows Event Log Security 4886</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/994c7b19-a623-4231-9818-f00e453b9a75/">Windows Event Log Security 4887</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/7ba3737e-231e-455d-824e-cd077749f835/">Windows Event Log Security 5136</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/64ed7bb1-9c3c-4355-ac08-b506ec3b053e/">Windows Event Log Security 5137</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/93e0ca09-e4b8-4da6-872a-d0127c4d2b22/">Windows Event Log Security 5140</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/eafb35fa-f034-4be3-8508-d9173a73c0a1/">Windows Event Log Security 5141</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/0746479b-7b82-4d7e-8811-0b35da00f798/">Windows Event Log Security 5145</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:Security
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/f01d4758-05c8-4ac4-a9a5-33500dd5eb6c/">Windows Event Log System 4720</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/05e6b2df-b50e-441b-8ac8-565f2e80d62f/">Windows Event Log System 4726</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/4549f0ac-3df9-4bfb-bea5-1459690c8040/">Windows Event Log System 4728</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/a6e9b34f-1507-4fa1-a4ba-684d1b676a34/">Windows Event Log System 7036</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/91738e9e-d112-41c9-b91b-e5868d8993d9/">Windows Event Log System 7040</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/614dedc8-8a14-4393-ba9b-6f093cbcd293/">Windows Event Log System 7045</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            xmlwineventlog
        </td>
        <td class="col-3">
            XmlWinEventLog:System
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/f8c777f8-e88a-4bba-ae8a-79b250212f23/">Windows Event Log TaskScheduler 200</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            wineventlog
        </td>
        <td class="col-3">
            WinEventLog:Microsoft-Windows-TaskScheduler/Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/469335b3-b6ad-49e2-bbe6-47e15c1464a7/">Windows IIS</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            IIS:Configuration:Operational
        </td>
        <td class="col-3">
            IIS:Configuration:Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
    <tr class="row">
        <td class="col-0">
            <a href="/sources/1d99ddd7-7fec-4dea-bf4f-1f4906142328/">Windows IIS 29</a>
        </td>
        <td class="col-1">
                <img src="https://research.splunk.com/icons/windows.svg" alt="Windows icon" class="icon-tiny">
              Windows
        </td>
        <td class="col-2">
            IIS:Configuration:Operational
        </td>
        <td class="col-3">
            IIS:Configuration:Operational
        </td>
        <td class="col-4">
            
        </td>
        <td class="col-5">
        </td>
    </tr>
</tbody>