OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)
MIT License

Windows Security 5145: Missing Field Names and title is wrong #46

Closed Cyb3rWard0g closed 4 years ago

Cyb3rWard0g commented 4 years ago

Event: https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/security/events/event-5145.md

Missing fields from: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5145

```xml
<Data Name="SubjectUserSid">S-1-5-21-3457937927-2839227994-823803824-1104</Data>
<Data Name="SubjectUserName">dadmin</Data>
<Data Name="SubjectDomainName">CONTOSO</Data>
<Data Name="SubjectLogonId">0x38d34</Data>
<Data Name="ObjectType">File</Data>
<Data Name="IpAddress">fe80::31ea:6c3c:f40d:1973</Data>
<Data Name="IpPort">56926</Data>
<Data Name="ShareName">\\*\Documents</Data>
<Data Name="ShareLocalPath">\??\C:\Documents</Data>
<Data Name="RelativeTargetName">Bginfo.exe</Data>
<Data Name="AccessMask">0x100081</Data>
<Data Name="AccessList">%%1541 %%4416 %%4423</Data>
<Data Name="AccessReason">%%1541: %%1801 D:(A;;FA;;;WD) %%4416: %%1801 D:(A;;FA;;;WD) %%4423: %%1801 D:(A;;FA;;;WD)</Data>
```
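The check behind this kind of issue can be automated: parse the EventData block from the Microsoft sample, list the field names it carries, and diff them against the names a data dictionary page already documents. The script below is an added example, not OSSEM tooling or the issue author's code. The `DOCUMENTED_FIELDS` set is a constructed placeholder standing in for a dictionary page, not the real contents of the OSSEM 5145 page; the sample event data is the Microsoft fragment quoted above, wrapped in an `<EventData>` element so it parses. It also decodes the `AccessMask` value with the standard Win32 file-access bit values, as a sanity check that the mask agrees with the number of entries in `AccessList`.

```python
"""Compare the EventData fields of a Windows Security event against the
field names a data dictionary documents (added example, not OSSEM code)."""
import xml.etree.ElementTree as ET

# Constructed sample: the Microsoft event 5145 EventData, wrapped so it parses.
SAMPLE_5145_EVENTDATA = """<EventData>
 <Data Name="SubjectUserSid">S-1-5-21-3457937927-2839227994-823803824-1104</Data>
 <Data Name="SubjectUserName">dadmin</Data>
 <Data Name="SubjectDomainName">CONTOSO</Data>
 <Data Name="SubjectLogonId">0x38d34</Data>
 <Data Name="ObjectType">File</Data>
 <Data Name="IpAddress">fe80::31ea:6c3c:f40d:1973</Data>
 <Data Name="IpPort">56926</Data>
 <Data Name="ShareName">\\\\*\\Documents</Data>
 <Data Name="ShareLocalPath">\\??\\C:\\Documents</Data>
 <Data Name="RelativeTargetName">Bginfo.exe</Data>
 <Data Name="AccessMask">0x100081</Data>
 <Data Name="AccessList">%%1541 %%4416 %%4423</Data>
 <Data Name="AccessReason">%%1541: %%1801 D:(A;;FA;;;WD) %%4416: %%1801 D:(A;;FA;;;WD) %%4423: %%1801 D:(A;;FA;;;WD)</Data>
</EventData>"""

# Constructed placeholder: field names a hypothetical dictionary page already
# documents. Not the real OSSEM 5145 page contents.
DOCUMENTED_FIELDS = {
    "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId",
    "ObjectType", "IpAddress", "IpPort", "ShareName", "ShareLocalPath",
    "RelativeTargetName", "AccessMask",
}

# Win32 file access rights, ascending by bit (standard values from winnt.h).
FILE_ACCESS_RIGHTS = [
    (0x00000001, "ReadData"), (0x00000002, "WriteData"), (0x00000004, "AppendData"),
    (0x00000008, "ReadEA"), (0x00000010, "WriteEA"), (0x00000020, "Execute"),
    (0x00000040, "DeleteChild"), (0x00000080, "ReadAttributes"),
    (0x00000100, "WriteAttributes"), (0x00010000, "Delete"),
    (0x00020000, "ReadControl"), (0x00040000, "WriteDac"),
    (0x00080000, "WriteOwner"), (0x00100000, "Synchronize"),
]


def event_fields(xml_text: str) -> list[str]:
    """Return the Data Name attributes in document order."""
    root = ET.fromstring(xml_text)
    return [d.get("Name") for d in root.iter("Data")]


def event_values(xml_text: str) -> dict[str, str]:
    """Return a field-name -> value mapping for the event."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): (d.text or "") for d in root.iter("Data")}


def missing_fields(xml_text: str, documented: set[str]) -> list[str]:
    """Field names present in the event but absent from the dictionary."""
    return [name for name in event_fields(xml_text) if name not in documented]


def decode_access_mask(mask: int) -> list[str]:
    """Expand an AccessMask value into the named rights it sets."""
    return [name for bit, name in FILE_ACCESS_RIGHTS if mask & bit]


def access_list_entries(xml_text: str) -> list[str]:
    """Split the AccessList field into its %%-coded entries."""
    return event_values(xml_text)["AccessList"].split()


if __name__ == "__main__":
    print("fields in event:", event_fields(SAMPLE_5145_EVENTDATA))
    print("missing from dictionary:", missing_fields(SAMPLE_5145_EVENTDATA, DOCUMENTED_FIELDS))
    mask = int(event_values(SAMPLE_5145_EVENTDATA)["AccessMask"], 16)
    print("AccessMask decodes to:", decode_access_mask(mask))
    print("AccessList entries:", access_list_entries(SAMPLE_5145_EVENTDATA))
```

With the placeholder dictionary above, `missing_fields` reports `AccessList` and `AccessReason`; the mask 0x100081 expands to three rights (ReadData, ReadAttributes, Synchronize), matching the three `%%` entries in `AccessList`, which is the kind of cross-check worth running whenever a dictionary page is updated from a vendor sample.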
Cyb3rWard0g commented 4 years ago

@jsecurity101, I found a few things to update for 5145.