Field name | Description | Example value |
---|---|---|
user_name | User name. | DESKTOP-0731NFQ\\Username |
timestamp | Time when the event was received, in the format yyyy-mm-ddThh:mm:ssZ. | 2022-05-12T08:11:46.15869Z |
status | Result of the WMI or SNMP request. | OK, Error |
source_name | Event log source. | Microsoft-Windows-Security-Auditing |
endpoint_name | Name of the endpoint or sensor. | DESKTOP-0731NFQ |
endpoint_id | Endpoint or sensor ID. | 35fb5820-74db-4eac-b05b-d01bc284c4e8 |
node | Unique name of the device that generated the event. | 35fb5820-74db-4eac-b05b-d01bc284c4e8 |
log_level | Log event level. | Success Audit, Warning, Information, Failure Audit, Error |
log_file | Event log file containing information about software and hardware security events. | Security, Application, System, Windows PowerShell |
log_event_type | Log event type. | 1 (error), 2 (warning), 3 (information), 4 (audit success), 5 (audit failure) |
log_event_id | Log event ID. | 4672 |
log_event_code | Log event code. | 14056 |
log_category_string | Incident category. | Special Logon |
insertion_string | Insertion string: data from the Windows EventData block. | Windows DefenderSECURITY_PRODUCT_STATE_ON |
error | WMI or SNMP error returned by the request. | 0 |
data | Event details. | Windows Defender status successfully changed to SECURITY_PRODUCT_STATE_ON. |
counter_id | Counter ID of the WMI or SNMP sensor. | 35fb5820-74db-4eac-b05b-d01bc284c4e8 |
computer_name | Endpoint name. | DESKTOP-0731NFQ |
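An added example (not part of the original field reference) that checks a received record against the constraints the table states: the timestamp format, the `status` and `log_event_type` value sets, the agreement between `log_event_type` and `log_level`, and the `DOMAIN\user` shape of `user_name`. The sample record is constructed from the table's example values; the field names and helper functions are assumptions for illustration.

```python
import re

# Numeric log_event_type codes and the log_level names they correspond to, as listed in the table
LOG_EVENT_TYPES = {1: "Error", 2: "Warning", 3: "Information", 4: "Success Audit", 5: "Failure Audit"}
# yyyy-mm-ddThh:mm:ssZ, with optional fractional seconds as in the table's example value
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")
REQUIRED = ("user_name", "timestamp", "status", "endpoint_id", "log_event_id", "log_event_type")

def validate_event(event: dict) -> list:
    """Return a list of problems found in one sensor event record (empty list = well-formed)."""
    problems = [f"missing field: {k}" for k in REQUIRED if k not in event]
    ts = str(event.get("timestamp", ""))
    if not TS_RE.match(ts):
        problems.append(f"timestamp not in yyyy-mm-ddThh:mm:ssZ form: {ts!r}")
    status = event.get("status")
    if status not in ("OK", "Error"):
        problems.append(f"status must be OK or Error, got {status!r}")
    et = event.get("log_event_type")
    if et not in LOG_EVENT_TYPES:
        problems.append(f"log_event_type must be 1..5, got {et!r}")
    elif "log_level" in event and event["log_level"] != LOG_EVENT_TYPES[et]:
        # log_level and log_event_type describe the same thing; a mismatch means a mis-parsed record
        problems.append(f"log_level {event['log_level']!r} disagrees with log_event_type {et}")
    if status == "Error" and not event.get("error"):
        problems.append("status is Error but no error code was recorded")
    return problems

def split_user_name(user_name: str) -> tuple:
    """Split 'DOMAIN\\user' (the user_name format in the table) into (domain, user)."""
    domain, _, user = user_name.rpartition("\\")
    return domain, user

# Constructed record built from the table's example values (hypothetical, for illustration)
SAMPLE_EVENT = {
    "user_name": "DESKTOP-0731NFQ\\Username",
    "timestamp": "2022-05-12T08:11:46.15869Z",
    "status": "OK",
    "source_name": "Microsoft-Windows-Security-Auditing",
    "endpoint_name": "DESKTOP-0731NFQ",
    "endpoint_id": "35fb5820-74db-4eac-b05b-d01bc284c4e8",
    "log_level": "Success Audit",
    "log_file": "Security",
    "log_event_type": 4,
    "log_event_id": 4672,
    "log_category_string": "Special Logon",
    "error": 0,
}

if __name__ == "__main__":
    print(validate_event(SAMPLE_EVENT))                     # []
    print(split_user_name(SAMPLE_EVENT["user_name"]))       # ('DESKTOP-0731NFQ', 'Username')
```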