The field names.
Instead of what is being collected,
2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627):
Microsoft-Windows-Security-Auditing: (no user): no domain: Hostname:
S-1-5-18 HOSTNAME$ DOMAIN 0x3e7
S-1-5-21-XX-XX-XX- Username HOSTNAME 0x22d8dd8
On Mon, Feb 20, 2017 at 6:08 AM, Casimiro wrote:
> Version 2.8
>
> Events:
>
> WinEvtLog: Security: AUDIT_FAILURE(5152):
> Microsoft-Windows-Security-Auditing: no domain: WKUSR01.cm.shr: The Windows
> Filtering Platform blocked a packet. Application Information: Process ID: 0
On Mon, Feb 20, 2017 at 6:09 AM, InfoSec wrote:
> The event is from a Windows 10 system.
>
> I have turned on logall. I am having a hard time regenerating event ID 5140,
> however I have spotted several other event types where the xml field labels
> are NOT logged up by
On Feb 21, 2017 9:05 AM, wrote:
Hi,
I am unable to receive emails triggered on events to the specified
email-id.
Could anyone please help me on this.
Sure.
--
---
You received this message because you are subscribed to the Google Groups
"ossec-list" group.
Hi,
I am unable to receive emails triggered on events to the specified
email-id.
Could anyone please help me on this.
Here's another event missing field names: Event ID 4627 which lists the
group membership of a user when he logs on is missing field names.
2017 Feb 21 13:33:23 WinEvtLog: Security: AUDIT_SUCCESS(4627):
Microsoft-Windows-Security-Auditing: (no user): no domain: Hostname:
S-1-5-18 HOSTNAME$