Commit 0006b67

kkkk
1 parent 3cc5e34 commit 0006b67

3 files changed

+3
-3
lines changed

Parsers/ASimRegistryEvent/Parsers/ASimRegistryEventMicrosoftSecurityEvent.yaml

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
Parser:
22
Title: Registry Event ASIM parser for Microsoft Windows Events (registry creation event)
33
Version: "0.3.1"
4-
LastUpdated: Jun 20, 2024
4+
LastUpdated: Jun 21, 2024
55
Product:
66
Name: Security Events
77
Normalization:
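
Review bot: The only change in this file is `LastUpdated` on line 4 moving from Jun 20, 2024 to Jun 21, 2024, while `Version` on line 3 stays at "0.3.1" and no parser logic is touched. If the parser's behaviour did not change, the date should stay as it was; if it did change, that change and a version bump belong in this commit. The commit message "kkkk" does not say which, so please replace it with a description of what changed and why.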

Parsers/ASimRegistryEvent/Parsers/vimRegistryEventMicrosoftSecurityEvent.yaml

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
Parser:
22
Title: Registry Event ASIM filtering parser for Microsoft Windows Events and Security Events (registry creation event)
33
Version: "0.3.1"
4-
LastUpdated: Jun 20, 2024
4+
LastUpdated: Jun 21, 2024
55
Product:
66
Name: Security Events
77
Normalization:
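
Review bot: The `Title` on line 2 reads "Microsoft Windows Events and Security Events", while the paired ASimRegistryEventMicrosoftSecurityEvent.yaml in this same commit names only "Microsoft Windows Events", and both files declare `Name: Security Events` under `Product`. Since both headers are being edited here, align the two titles so the covered source is stated consistently. The date-only bump on line 4 with `Version` unchanged at "0.3.1" also needs a stated reason.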

Sample Data/ASIM/Microsoft_Security Events_RegistryEvent_IngestedLogs.csv

Lines changed: 1 addition & 1 deletion
@@ -13,7 +13,7 @@ TenantId,TimeGenerated,SourceSystem,Account,AccountType,Computer,EventSourceName
1313
<Data Name=""ProcessId"">0xef8</Data>
1414
<Data Name=""ProcessName"">C:\Program Files\Windows Defender Advanced Threat Protection\test.exe</Data>
1515
<Data Name=""ResourceAttributes"">-</Data>
16-
</EventData>",4657,4657 - An attempt was made to access an object.,,,,,,%%1537 ,0x10000,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0x830,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,REG_NONE,%%1872,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\test\HeartBeats\EndpointErrors\0,Security,Key,REG_NONE,,,,,,REG_DWORD,%%1876,%%1906,,,,,,,,,,,MsTest.exe,0xef8,C:\Program Files\Windows Defender Advanced Threat Protection\MsTest.exe,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,test\abc005$,,,,test,,0x3e7,,,abc005$,S-1-5-18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,LogAlways,ab4cf18f-60a7-4a88-8631-1cd2cb123456,ab4cf18f-60a7-4a88-8631-1cd2cb123456,00000000-0000-0000-0000-000000000001,6/24/2025 4:45,AOI-12345aea-6210-464b-a6dd-49f0fd95cef1,N/A,1,0,0x8020000000000000,,4,6952,693044958,SecurityEvent,/subscriptions/1abcd518-a6b8-4766-b099-d5c77b664f1d/resourcegroups/iam-test/providers/microsoft.compute/virtualmachines/abc005,cc
16+
</EventData>",4657,4657 - An attempt was made to access an object,,,,,,%%1537 ,0x10000,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0x830,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,REG_NONE,%%1872,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\test\HeartBeats\EndpointErrors\0,Security,Key,REG_NONE,,,,,,REG_DWORD,%%1876,%%1906,,,,,,,,,,,MsTest.exe,0xef8,C:\Program Files\Windows Defender Advanced Threat Protection\MsTest.exe,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,test\abc005$,,,,test,,0x3e7,,,abc005$,S-1-5-18,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,LogAlways,ab4cf18f-60a7-4a88-8631-1cd2cb123456,ab4cf18f-60a7-4a88-8631-1cd2cb123456,00000000-0000-0000-0000-000000000001,6/24/2025 4:45,AOI-12345aea-6210-464b-a6dd-49f0fd95cef1,N/A,1,0,0x8020000000000000,,4,6952,693044958,SecurityEvent,/subscriptions/1abcd518-a6b8-4766-b099-d5c77b664f1d/resourcegroups/iam-test/providers/microsoft.compute/virtualmachines/abc005,cc
1717
12345aea-6210-464b-a6dd-49f0fd95cef1,6/24/2025 4:48,OpsManager,test\abc005$,Machine,abc005$.test.net,Microsoft-Windows-Security-Auditing,Security,12801,0,"<EventData xmlns=""http://schemas.microsoft.com/win/2004/08/events/event"">
1818
<Data Name=""SubjectUserSid"">S-1-5-18</Data>
1919
<Data Name=""SubjectUserName"">abc005$</Data>
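
Review bot: Line 16 drops the trailing period from the Activity value, turning `4657 - An attempt was made to access an object.` into `4657 - An attempt was made to access an object`, and nothing in the commit explains why. If the sample is meant to mirror ingested SecurityEvent rows, keep the string exactly as the source emits it, otherwise a parser or test that compares on Activity is validated against a value the real data does not contain. Two further inconsistencies in the same row are worth fixing while it is being touched: "An attempt was made to access an object" is the description of event 4663, whereas Windows event 4657 is "A registry value was modified", so the EventID and the text disagree; and the `ProcessName` inside EventData on line 14 ends in `test.exe` while the column value in line 16 ends in `MsTest.exe`.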
