Closed Cyb3rPandaH closed 2 years ago
event_version field: to identify data dictionaries

security_events section: audit_category and audit_sub_category only apply to Security Auditing and Sysmon events. Example:

    event_id: 4657
    name: A registry value was modified.
    platform: windows
    audit_category: Object Access
    audit_sub_category: Registry
    log_source: Microsoft-Windows-Security-Auditing
    filter_in:
      - OperationType: Existing registry value modified
    event_version:
      - '0'

source and target entities from behavior section with OSSEM CDM