Gist felixguerrero12/4a93e6d1cb0b6a9909b7bc958b370fb3, created September 26, 2023 01:41
event_codes_botsv2
| EventCode,field | |
| 1,CommandLine Computer CurrentDirectory EventChannel EventDescription Hashes Image IntegrityLevel Keywords Level LogonGuid LogonId MD5 Opcode ParentCommandLine ParentImage ParentProcessGuid ParentProcessId ProcessGuid ProcessId RecordID SHA1 SHA256 SecurityID Task TerminalSessionId TimeCreated User UtcTime Version action app cmdline dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update direction dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update eventtype hashes host index linecount parent_process parent_process_id process process_id punct session_id signature signature_id source sourcetype splunk_server tag tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor_product | |
| 10010,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber Sid SidType SourceName TaskCategory Type User body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount product punct severity severity_id signature_id source sourcetype splunk_server tag tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype user vendor | |
| 1003,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 1066,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 2,Computer CreationUtcTime EventChannel EventDescription Image Keywords Level Opcode PreviousCreationUtcTime ProcessGuid ProcessId RecordID SecurityID TargetFilename Task TimeCreated UtcTime Version action app direction dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update file_create_time file_name file_path host index linecount object_category process process_id punct session_id signature signature_id source sourcetype splunk_server tag tag::object_category vendor_product | |
| 30,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 32,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 35,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 4097,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 4101,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 4624,Account_Domain Account_Name Authentication_Package ComputerName Error_Code EventType Impersonation_Level Key_Length Keywords LogName Logon_GUID Logon_ID Logon_Process Logon_Type Message OpCode Package_Name__NTLM_only_ Process_ID Process_Name RecordNumber Security_ID SourceName Source_Network_Address Source_Port TaskCategory Transited_Services Type Workstation_Name action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn member_id member_nt_domain name object process_id product punct session_id severity severity_id signature signature_id source sourcetype splunk_server src src_asset src_asset_id src_asset_tag src_bunit src_category src_city src_country src_dns src_ip src_is_expected src_mac src_nt_domain src_nt_host src_owner src_pci_domain src_port src_priority src_requires_av src_should_timesync src_should_update src_user status subject ta_windows_action tag tag::action tag::app tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor | |
| 4625,Account_Domain Account_Name Authentication_Package Caller_Process_ID Caller_Process_Name ComputerName Error_Code EventType Failure_Reason Key_Length Keywords LogName Logon_ID Logon_Process Logon_Type Message OpCode Package_Name__NTLM_only_ RecordNumber Security_ID SourceName Source_Network_Address Source_Port Status Sub_Status TaskCategory Transited_Services Type Workstation_Name action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn member_id member_nt_domain name object process_id product punct session_id severity severity_id signature signature_id source sourcetype splunk_server src src_asset src_asset_id src_asset_tag src_bunit src_category src_city src_country src_dns src_ip src_is_expected src_mac src_nt_domain src_nt_host src_owner src_pci_domain src_port src_priority src_requires_av src_should_timesync src_should_update src_user status subject ta_windows_action ta_windows_status tag tag::action tag::app tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype user vendor | |
| 4634,Account_Domain Account_Name ComputerName Error_Code EventType Keywords LogName Logon_ID Logon_Type Message OpCode RecordNumber Security_ID SourceName TaskCategory Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn member_id member_nt_domain name object product punct session_id severity severity_id signature signature_id source sourcetype splunk_server src_nt_domain status subject ta_windows_action tag tag::action tag::app tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor | |
| 4672,Account_Domain Account_Name ComputerName Error_Code EventType Keywords LogName Logon_ID Message OpCode Privileges RecordNumber Security_ID SourceName TaskCategory Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn member_id member_nt_domain name object privilege privilege_id product punct session_id severity severity_id signature signature_id source sourcetype splunk_server src_nt_domain status subject ta_windows_action tag tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::privilege_id tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor vendor_privilege | |
| 4688,Account_Domain Account_Name ComputerName Creator_Process_ID Error_Code EventType Keywords LogName Logon_ID Message New_Process_ID New_Process_Name OpCode Process_Command_Line RecordNumber Security_ID SourceName TaskCategory Token_Elevation_Type Token_Elevation_Type_id Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_mac dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn member_id member_nt_domain name object process_id product punct session_id severity severity_id signature signature_id source sourcetype splunk_server src_nt_domain status subject ta_windows_action tag tag::Token_Elevation_Type_id tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor | |
| 4768,Account_Name Client_Address Client_Port ComputerName Error_Code EventType Keywords LogName Message OpCode Pre_Authentication_Type RecordNumber Result_Code Service_ID Service_Name SourceName Supplied_Realm_Name TaskCategory Ticket_Encryption_Type Ticket_Options Type User_ID action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn name object product punct severity severity_id signature signature_id source sourcetype splunk_server src src_ip status subject ta_windows_action tag tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype user vendor | |
| 4769,Account_Domain Account_Name Client_Address Client_Port ComputerName Error_Code EventType Failure_Code Keywords LogName Logon_GUID Message OpCode RecordNumber Service_ID Service_Name SourceName TaskCategory Ticket_Encryption_Type Ticket_Options Transited_Services Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn name object product punct severity severity_id signature signature_id source sourcetype splunk_server src src_ip status subject ta_windows_action tag tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_email user_first user_identity user_identity_id user_identity_tag user_last user_phone user_prefix user_priority user_startDate user_watchlist user_work_city user_work_country user_work_lat user_work_long vendor | |
| 4770,Account_Domain Account_Name Client_Address Client_Port ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber Service_ID Service_Name SourceName TaskCategory Ticket_Encryption_Type Ticket_Options Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_nt_domain dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount member_dn name object product punct severity severity_id signature signature_id source sourcetype splunk_server src src_ip status subject ta_windows_action tag tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype user vendor | |
| 4776,Authentication_Package ComputerName Error_Code EventType Keywords LogName Logon_Account Message OpCode RecordNumber SourceName Source_Workstation TaskCategory Type action app body category dest dest_asset dest_asset_id dest_asset_tag dest_bunit dest_category dest_city dest_country dest_dns dest_ip dest_is_expected dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_timesync dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount name object product punct severity severity_id signature signature_id source sourcetype splunk_server src src_asset src_asset_id src_asset_tag src_bunit src_category src_city src_country src_dns src_ip src_is_expected src_mac src_nt_host src_owner src_pci_domain src_priority src_requires_av src_should_timesync src_should_update status subject ta_windows_action tag tag::action tag::dest_requires_av tag::dest_should_timesync tag::dest_should_update tag::eventtype tag::user_identity_tag tag::user_watchlist user user_bunit user_category user_first user_identity user_identity_id user_identity_tag user_last user_priority user_startDate user_watchlist vendor | |
| 5,Computer EventChannel EventDescription Image Keywords Level Opcode ProcessGuid ProcessId RecordID SecurityID Task TimeCreated UtcTime Version action app direction dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update eventtype host index linecount process process_id punct session_id signature signature_id source sourcetype splunk_server tag tag::eventtype vendor_product | |
| 6000,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 63,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 7001,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber Sid SidType SourceName TaskCategory Type User body category dest dest_asset dest_asset_id dest_asset_tag dest_category dest_city dest_country dest_dns dest_ip dest_mac dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount product punct severity severity_id signature_id source sourcetype splunk_server tag tag::dest_requires_av tag::dest_should_update tag::eventtype user vendor | |
| 7036,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type body category dest dest_asset dest_asset_id dest_asset_tag dest_category dest_city dest_country dest_dns dest_ip dest_mac dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount product punct severity severity_id signature_id source sourcetype splunk_server tag tag::dest_requires_av tag::dest_should_update tag::eventtype vendor | |
| 7040,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber Sid SidType SourceName TaskCategory Type User body category dest dest_asset dest_asset_id dest_asset_tag dest_category dest_city dest_country dest_dns dest_ip dest_mac dest_nt_host dest_owner dest_pci_domain dest_priority dest_requires_av dest_should_update dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount product punct severity severity_id signature_id source sourcetype splunk_server tag tag::dest_requires_av tag::dest_should_update tag::eventtype user vendor | |
| 8196,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 8198,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 900,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 9007,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 9009,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_bunit dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_is_expected dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_timesync dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 902,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype | |
| 903,ComputerName Error_Code EventType Keywords LogName Message OpCode RecordNumber SourceName TaskCategory Type category dvc dvc_asset dvc_asset_id dvc_asset_tag dvc_category dvc_city dvc_country dvc_dns dvc_ip dvc_mac dvc_nt_host dvc_owner dvc_pci_domain dvc_priority dvc_requires_av dvc_should_update event_id eventtype host id index linecount punct severity severity_id signature_id source sourcetype splunk_server tag tag::eventtype |