Closed Cyb3rWard0g closed 4 years ago
Event: https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/security/events/event-5145.md
Missing fields from: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-5145
```xml
<Data Name="SubjectUserSid">S-1-5-21-3457937927-2839227994-823803824-1104</Data>
<Data Name="SubjectUserName">dadmin</Data>
<Data Name="SubjectDomainName">CONTOSO</Data>
<Data Name="SubjectLogonId">0x38d34</Data>
<Data Name="ObjectType">File</Data>
<Data Name="IpAddress">fe80::31ea:6c3c:f40d:1973</Data>
<Data Name="IpPort">56926</Data>
<Data Name="ShareName">\\\\*\\Documents</Data>
<Data Name="ShareLocalPath">\\??\\C:\\Documents</Data>
<Data Name="RelativeTargetName">Bginfo.exe</Data>
<Data Name="AccessMask">0x100081</Data>
<Data Name="AccessList">%%1541 %%4416 %%4423</Data>
<Data Name="AccessReason">%%1541: %%1801 D:(A;;FA;;;WD) %%4416: %%1801 D:(A;;FA;;;WD) %%4423: %%1801 D:(A;;FA;;;WD)</Data>
```
@jsecurity101, I found a few things to update for 5145.