windows_events
Windows Event logs.
Platform support
Please be aware that some queries can only be run against certain platforms. Below is the list of platforms this table supports. Zercurity will automatically pause a query if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: windows_events
Windows
Table schema
Name | Type | Description |
---|---|---|
time | BIGINT | Timestamp the event was received |
datetime | TEXT | System time at which the event occurred |
source | TEXT | Source or channel of the event |
provider_name | TEXT | Provider name of the event |
provider_guid | TEXT | Provider GUID of the event |
eventid | INTEGER | Event ID of the event |
task | INTEGER | Task value associated with the event |
level | INTEGER | The severity level associated with the event |
keywords | BIGINT | A bitmask of the keywords defined in the event |
data | TEXT | Data associated with the event |
eid | TEXT | Event ID |
Query examples
select * from windows_events where eventid=4104 and source='Security'
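As an added example (not from the Zercurity docs or osquery itself), a query that surfaces accounts with repeated failed logons in the Security channel, using the columns above together with SQLite's json_extract on the JSON-encoded `data` column. The `$.EventData.TargetUserName` and `$.EventData.IpAddress` paths are an assumption based on the usual EventData layout; check them against your own rows first.

```sql
-- Accounts with five or more failed logons (Event ID 4625) in the last hour,
-- read from the Security channel of the windows_events table.
-- Assumption: the `data` column exposes event fields under $.EventData.<Name>;
-- verify with a plain `select data from windows_events where eventid=4625 limit 1`.
SELECT
  json_extract(data, '$.EventData.TargetUserName') AS target_user,
  json_extract(data, '$.EventData.IpAddress')      AS source_ip,
  COUNT(*)      AS failures,
  MIN(datetime) AS first_seen,
  MAX(datetime) AS last_seen
FROM windows_events
WHERE source = 'Security'
  AND eventid = 4625
  -- `time` is the Unix-epoch receipt timestamp (BIGINT), so subtract seconds
  AND time > (strftime('%s', 'now') - 3600)
GROUP BY target_user, source_ip
HAVING failures >= 5
ORDER BY failures DESC;
```

windows_events is an evented table, so rows only exist for channels osquery has been configured to subscribe to; if the query returns nothing, confirm the Security channel is among them before tuning the threshold.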