Closed jsecurity101 closed 4 years ago
Added 5145 events
Hey @jsecurity101 ! Thank you for the updates. Would you mind checking process_id for 4662 and 4742. That field does not belong to the event data of the event itself. I believe it is related to the event log metadata. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4742 , https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4662
Awesome man thank you!
Standardized names for ProcessID and SubjectLogonID