I've loaded a series of Windows Event Logs and noticed that the EventData section is not being parsed. For instance, in the 4624 logs from the security.evtx file, it is not possible to apply filters based on fields like LogonType or ProcessName.
Since the EventData section contains important information, it would be extremely helpful to create search patterns that can also account for the fields within this section.
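As an illustration of what the request above asks for, here is an added example (not part of the original post and not the tool's own code) that flattens the `<Data Name="...">` children of EventData into searchable fields. The `EventData.<Name>` key scheme, the `flatten_event` and `search` helpers, and the sample records are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
_EVT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>{eid}</EventID><Computer>WS01.example.test</Computer>"
        "</System><EventData>{data}</EventData></Event>")

# Constructed sample records (not taken from a real log).
SAMPLE_EVENTS = [
    _EVT.format(eid=4624, data='<Data Name="TargetUserName">alice</Data>'
                '<Data Name="LogonType">10</Data>'
                r'<Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>'),
    _EVT.format(eid=4624, data='<Data Name="TargetUserName">bob</Data>'
                '<Data Name="LogonType">3</Data><Data Name="ProcessName">-</Data>'),
    # Some providers emit positional <Data> elements with no Name attribute.
    _EVT.format(eid=1000, data="<Data>app.exe</Data><Data>1.0.0.0</Data>"),
]


def flatten_event(xml_text):
    """Return one flat dict: System element text plus every EventData value."""
    root = ET.fromstring(xml_text)
    record = {}
    system = root.find("e:System", NS)
    if system is not None:
        for child in system:
            tag = child.tag.split("}", 1)[-1]  # drop the XML namespace prefix
            if child.text and child.text.strip():
                record[tag] = child.text.strip()
    for i, data in enumerate(root.findall("e:EventData/e:Data", NS)):
        # Unnamed values are keyed by position so they stay searchable too.
        key = data.get("Name") or f"Data_{i}"
        record[f"EventData.{key}"] = (data.text or "").strip()
    return record


def search(records, criteria):
    """Return records whose fields equal every key/value pair in criteria."""
    return [r for r in records if all(r.get(k) == v for k, v in criteria.items())]


if __name__ == "__main__":
    records = [flatten_event(x) for x in SAMPLE_EVENTS]
    for hit in search(records, {"EventID": "4624", "EventData.LogonType": "10"}):
        print(hit["EventData.TargetUserName"], hit["EventData.ProcessName"])
```

All values are kept as strings, so a filter on LogonType compares against `"10"` rather than the integer 10.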