SysmonEvent
Categories
Solutions
Columns
| Column | Type | Description |
| --- | --- | --- |
| Activity | string | |
| CallTrace | string | |
| CmdLine | string | |
| Computer | string | |
| ComputerEnvironment | string | |
| Configuration | string | |
| CreationUtcTime | datetime | |
| CurrentDirectory | string | |
| Description | string | |
| DestinationHostname | string | |
| DestinationIp | string | |
| DestinationIsIpv6 | bool | |
| DestinationPort | int | |
| DestinationPortName | string | |
| Details | string | |
| Device | string | |
| GrantedAccess | string | |
| ID | string | |
| Image | string | |
| ImageLoaded | string | |
| Imphash | string | |
| Initiated | bool | |
| IntegrityLevel | string | |
| LogonGuid | string | |
| LogonId | string | |
| MD5Hash | string | |
| NewName | string | |
| NewThreadId | long | |
| ParentCommandLine | string | |
| ParentImage | string | |
| ParentProcessGuid | string | |
| ParentProcessId | string | |
| PipeName | string | |
| PreviousCreationUtcTime | datetime | |
| ProcessGuid | string | |
| ProcessID | int | |
| Protocol | string | |
| Resource | string | |
| ResourceGroup | string | |
| ResourceId | string | |
| ResourceProvider | string | |
| ResourceType | string | |
| SchemaVersion | string | |
| SHA1Hash | string | |
| SHA256Hash | string | |
| SignatureStatus | string | |
| Signed | string | |
| SignedBy | string | |
| SourceHostname | string | |
| SourceImage | string | |
| SourceIp | string | |
| SourceIsIpv6 | bool | |
| SourcePort | int | |
| SourcePortName | string | |
| SourceProcessGuid | string | |
| SourceProcessID | int | |
| SourceSystem | string | |
| SourceThreadId | long | |
| StartAddress | string | |
| StartFunction | string | |
| StartModule | string | |
| SubscriptionId | string | |
| SysmonEventID | int | |
| SysmonEventType | string | |
| SysmonState | string | |
| TargetFilename | string | |
| TargetImage | string | |
| TargetObject | string | |
| TargetProcessGuid | string | |
| TargetProcessID | int | |
| TerminalSessionId | int | |
| TimeGenerated | datetime | |
| Type | string | The name of the table |
| User | string | |
| Version | string | |