WindowsEvent
Windows events which are collected and sent by the agent.
Categories
- Security
Solutions
- CustomizedWindowsEventsFiltering
- InternalWindowsEvent
- Microsoft Sentinel
- WEFInternalUat
- WEF_10x
- WEF_10xDSRE
- WinLog
- WindowsEventForwarding
Columns
| Column | Type | Description |
|---|---|---|
| Channel | string | |
| Computer | string | |
| Data | dynamic | |
| EventData | dynamic | Contains the event data parsed to dynamic type. If the parsing fails then this field will contain null and the RawEventData field will be populated. |
| EventID | int | |
| EventLevel | int | |
| EventLevelName | string | |
| EventOriginId | string | The unique ID of the original event |
| ManagementGroupName | string | |
| Provider | string | |
| RawEventData | string | The raw event XML when parsing fails. It's null when parsing successful. |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| Task | int | |
| TimeGenerated | datetime | |
| Type | string | The name of the table |