OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Standardized names for ProcessID and SubjectLogonID #40

Closed jsecurity101 closed 4 years ago

jsecurity101 commented 4 years ago

Standardized names for ProcessID and SubjectLogonID

jsecurity101 commented 4 years ago

Added 5145 events

Cyb3rWard0g commented 4 years ago

Hey @jsecurity101! Thank you for the updates. Would you mind checking process_id for 4662 and 4742? That field does not belong to the event data of the event itself. I believe it is related to the event log metadata. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4742, https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4662
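The distinction raised in the comment above, as an added example that is not part of the thread or of OSSEM's own code: it separates the `System` metadata of a Windows event record from its `EventData` fields and reports dictionary fields that do not appear in `EventData`. The 4742 record is constructed and trimmed, and the helper names `split_event` and `misplaced_fields` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed, trimmed 4742 record (all values are made up for illustration).
SAMPLE_4742 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4742</EventID>
    <Execution ProcessID="520" ThreadID="1108"/>
    <Computer>DC01.example.test</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">WKS01$</Data>
    <Data Name="SubjectUserName">admin1</Data>
    <Data Name="SubjectLogonId">0xc88b2</Data>
  </EventData>
</Event>"""


def split_event(xml_text):
    """Return (metadata, event_data) dicts for one Windows event record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    execution = system.find("e:Execution", NS)
    metadata = {
        "EventID": system.findtext("e:EventID", namespaces=NS),
        "Computer": system.findtext("e:Computer", namespaces=NS),
        # Log metadata: the process that generated the record,
        # not a field of the audited action itself.
        "Execution.ProcessID": execution.get("ProcessID") if execution is not None else None,
    }
    event_data = {d.get("Name"): d.text
                  for d in root.iterfind("e:EventData/e:Data", NS)}
    return metadata, event_data


def misplaced_fields(xml_text, dictionary_fields):
    """Fields a data dictionary lists for the event that EventData lacks."""
    _, event_data = split_event(xml_text)
    return sorted(f for f in dictionary_fields if f not in event_data)


if __name__ == "__main__":
    meta, data = split_event(SAMPLE_4742)
    print("metadata:", meta)
    print("event data:", data)
    print("not in EventData:", misplaced_fields(SAMPLE_4742, ["ProcessId", "SubjectLogonId"]))
```
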

Cyb3rWard0g commented 4 years ago

Awesome man, thank you!