windows_event_user_account_deleted SCHEMA description string Plugin description text eventid int The Windows event ID privilege_list string The list of user privileges which were used during the operation provider_name...

windows_event_user_account_locked_out SCHEMA description string Plugin description text eventid int The Windows event ID provider_name string The Windows event provider source string The Windows event source...

windows_powershell_script_blocks SCHEMA script_block_count int The total number of script blocks for this script script_block_id string The unique GUID of the powershell script to which this block belongs script_name string...

windows_programs SCHEMA identifying_number string Product identification such as a serial number on software, or a die number on a hardware chip install_date string Date that this product was installed on the system install_source...

windows_services_md5 SCHEMA description string Plugin description text display_name string Service Display name name string Name of the registry value entry path string Full path to the value sha1 string...

windows_services_md5 SCHEMA description string Plugin description text display_name string Service Display name name string Name of the registry value entry path string Full path to the value sha1 string...

windows_startup_items SCHEMA cmdline string Process command line name string Name of the registry value entry path string Full path to the value result string The authenticode signature of the startup item ...

windows_startup_programs_md5 SCHEMA core_file_info string Core file info file_size long File size now global_rep int The machine learning global reputation now global_rep_data string All global reputation data...

windows_updates_patch SCHEMA caption string Short description of the patch description string Plugin description text hotfix_id string The kb article ID for the update installed_by string The system context...

windows_wsl_installed SCHEMA atime long Last access time ctime long Time of the change event filename string Name of the file that has changed mtime long time of the most recent registry write path string...