| Windows Event Log AppXDeployment-Server 400 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-AppXDeploymentServer/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log AppXDeployment-Server 854 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-AppXDeploymentServer/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log AppXDeployment-Server 855 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-AppXDeploymentServer/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log AppXPackaging 171 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-AppxPackaging/Operational | Splunk Add-on for Microsoft Windows |
| Powershell Script Block Logging 4104 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-PowerShell/Operational | Splunk Add-on for Microsoft Windows |
| Sysmon EventID 1 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 10 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 11 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 12 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 13 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 14 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 15 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 17 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 18 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 20 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 21 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 22 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 23 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 26 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 3 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 5 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 6 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 7 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 8 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Sysmon EventID 9 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-Sysmon/Operational | Splunk Add-on for Sysmon |
| Windows Event Log CAPI2 70 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-CAPI2/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log CAPI2 81 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-CAPI2/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1121 | Windows | XmlWinEventLog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1122 | Windows | XmlWinEventLog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1125 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1126 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1129 | Windows | XmlWinEventLog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1131 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1132 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1133 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 1134 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Defender 5007 | Windows | XmlWinEventLog | WinEventLog:Microsoft-Windows-Windows Defender/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Printservice 4909 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 1100 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 1102 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4624 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4625 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4627 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4648 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4662 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4663 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4672 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4688 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4698 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4699 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4700 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4702 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4703 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4719 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4720 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4724 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4725 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4726 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4727 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4728 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4730 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4731 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4732 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4737 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4738 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4739 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4741 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4742 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4744 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4749 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4754 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4759 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4768 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4769 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4771 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4776 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4781 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4783 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4790 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4794 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4798 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4876 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4886 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4887 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4946 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4947 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 4948 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5136 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5137 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5140 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5141 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Security 5145 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 104 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4720 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4726 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 4728 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7036 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7040 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log System 7045 | Windows | XmlWinEventLog | XmlWinEventLog:System | Splunk Add-on for Microsoft Windows |
| Windows Event Log TaskScheduler 201 | Windows | XmlWinEventLog | XmlWinEventLog:Security | Splunk Add-on for Microsoft Windows |
| Windows Event Log Application 15457 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log Application 17135 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log Application 8128 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| NTLM Operational 8004 | Windows | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | Splunk Add-on for Microsoft Windows |
| NTLM Operational 8005 | Windows | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | Splunk Add-on for Microsoft Windows |
| NTLM Operational 8006 | Windows | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | XmlWinEventLog:Microsoft-Windows-NTLM/Operational | Splunk Add-on for Microsoft Windows |
| Powershell Installed IIS Modules | Windows | Pwsh:InstalledIISModules | powershell://AppCmdModules | N/A |
| Powershell SIP Inventory | Windows | PwSh:SubjectInterfacePackage | powershell://SubjectInterfacePackage | N/A |
| Windows Active Directory Admon | Windows | ActiveDirectory | ActiveDirectory | Splunk Add-on for Microsoft Windows |
| Windows Defender Alerts | Windows | mscs:azure:eventhub:defender:advancedhunting | eventhub://windowsdefenderlogs | Splunk add on for Microsoft Defender Advanced Hunting |
| Windows Event Log Application 2282 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log Application 3000 | Windows | XmlWinEventLog | XmlWinEventLog:Application | Splunk Add-on for Microsoft Windows |
| Windows Event Log CertificateServicesClient 1007 | Windows | XmlWinEventLog | XmlWinEventLog:Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log Microsoft Windows TerminalServices RDPClient 1024 | Windows | WinEventLog | WinEventLog:Microsoft-Windows-TerminalServices-RDPClient/Operational | N/A |
| Windows Event Log Printservice 316 | Windows | WinEventLog | WinEventLog:Microsoft-Windows-PrintService/Admin | Splunk Add-on for Microsoft Windows |
| Windows Event Log Printservice 808 | Windows | WinEventLog | WinEventLog:Microsoft-Windows-PrintService/Admin | Splunk Add-on for Microsoft Windows |
| Windows Event Log RemoteConnectionManager 1149 | Windows | wineventlog | WinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational | Splunk Add-on for Microsoft Windows |
| Windows Event Log TaskScheduler 200 | Windows | wineventlog | WinEventLog:Microsoft-Windows-TaskScheduler/Operational | Splunk Add-on for Microsoft Windows |
| Windows IIS | Windows | IIS:Configuration:Operational | IIS:Configuration:Operational | Splunk Add-on for Microsoft Windows |
| Windows IIS 29 | Windows | IIS:Configuration:Operational | IIS:Configuration:Operational | Splunk Add-on for Microsoft Windows |