windows_event_disallowed_credentials SCHEMA cred_type string Types of credentials which were presented for delegation description string Plugin description text eventid int The Windows event ID package string...

windows_event_dos_attack_detected SCHEMA description string Plugin description text eventid int The Windows event ID provider_name string The Windows event provider source string The Windows event source ...

windows_event_invalid_logon SCHEMA authentication_package string The name of the authentication package which was used for the logon description string Plugin description text eventid int The Windows event ID failure_reason...

windows_event_invalid_logon_brute_force SCHEMA authentication_package string The name of the authentication package which was used for the logon description string Plugin description text eventid int The Windows event...

windows_event_replay_attack SCHEMA authentication_package string The name of the authentication package which was used for the logon description string Plugin description text eventid int The Windows event ID logon_process...

windows_event_scheduled_task_created SCHEMA description string Plugin description text eventid int The Windows event ID provider_name string The Windows event provider source string The Windows event source...

windows_event_successful_logon SCHEMA authentication_package string The name of the authentication package which was used for the logon description string Plugin description text event_timestamps string List of times...

windows_event_uac_bypass_journal SCHEMA description string Plugin description text event_time long The time (unix epoch) the value was set event_type int The event type key_name string The registry key path...

windows_event_user_account_changed SCHEMA account_expires string The date when the account expires allowed_to_delegate_to string The list of SPNs to which this account can present delegated credentials. description string...

windows_event_user_account_created SCHEMA user_workstations string Contains the list of NetBIOS or DNS names of the computers from which the user can logon. account_expires string The date when the account expires allowed_to_delegate_to...