OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)

Windows Security logs, fields mismatch for Object Access #92

Open nicolasreich opened 3 years ago

nicolasreich commented 3 years ago

Hello, in some Windows Security logs concerning Object Access, the field (e.g. 4656) AccessList is translated into user_privilege_list while for others it is object_access_list. Which one is right?

PS: Is opening issues on this repo the right procedure for issues like this? Is there something you would prefer?

Cyb3rWard0g commented 3 years ago

Hey @nicolasreich, yes, thank you very much for sharing the feedback, and this is the best way to report those mismatches. As I mentioned in a previous issue, we are reviewing those events and fixing a few of those inconsistencies from an endpoint perspective.