Linux user events SCHEMA address string IPv4 address target audit_type int The file description for the process socket message string Message from the event path string Full path to the value pid long...

This detects a potential vulnerability in application compatibility mode being set https://www.itnews.com.au/news/windows-compatibility-mode-resurfaces-old-flaws-473058 Schema analysis string JSON object representing the analysis ...

Detect disabled exception chain validation. https://www.windowsworkstation.com/win2012/disable-sehop/ SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string ...

Not sure what this is detecting have to check with the Sophos Managed Threat Response Team on it. SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name...

well its a vulnerability need to get descriptions of each of these vulnerabilities into the documentation. SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string...

vulnerability_audit_special_groups Schema analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry...

Certificate padding vulnerability SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry...

vulnerability_dep SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry write name...

Detect developer mode SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long time of the most recent registry write ...

Detect disallowed paths, need to get a definition of such from MRT SCHEMA analysis string JSON object representing the analysis data string Data content of registry value key string Name of the key mtime long...