windows_events
==============

Windows Event logs.

Platform support
----------------

Please be aware that some queries can only be run against certain platforms. Below is a list of the platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected.

**Running a query against an unsupported platform will result in the following error:** ``no such table: windows_events``

- Windows

Table schema
------------

============= ======= ==============================================
Name          Type    Description
============= ======= ==============================================
time          BIGINT  Timestamp the event was received
datetime      TEXT    System time at which the event occurred
source        TEXT    Source or channel of the event
provider_name TEXT    Provider name of the event
provider_guid TEXT    Provider GUID of the event
eventid       INTEGER Event ID of the event
task          INTEGER Task value associated with the event
level         INTEGER The severity level associated with the event
keywords      BIGINT  A bitmask of the keywords defined in the event
data          TEXT    Data associated with the event
eid           TEXT    Event ID
============= ======= ==============================================

Query examples
--------------

.. code-block:: sql

   select * from windows_events where eventid=4104 and source='Security'
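
The following query is an added example, not part of the original page. It uses only the columns listed in the schema above to summarise recent events per channel, provider and event ID, which helps spot unexpected event IDs or unusually noisy providers during triage. It assumes ``time`` holds a Unix epoch timestamp in seconds.

```sql
-- Added example (not from the original documentation).
-- Assumption: `time` is a Unix epoch timestamp in seconds.
-- Summarise the last 24 hours of collected events, grouped by
-- channel (source), provider, event ID and severity level.
SELECT
  source,
  provider_name,
  eventid,
  level,
  COUNT(*)                         AS event_count,
  datetime(MIN(time), 'unixepoch') AS first_seen_utc,
  datetime(MAX(time), 'unixepoch') AS last_seen_utc
FROM windows_events
WHERE time >= CAST(strftime('%s', 'now') AS INTEGER) - 86400
GROUP BY source, provider_name, eventid, level
ORDER BY event_count DESC
LIMIT 50;
```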