Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or sign up to JumpCloud today.
windows_events
Windows Event logs.
Platform support
Please be aware that some queries can only be run against certain platforms. The platforms this table supports are listed below. Zercurity will automatically pause a query if errors are detected. Running this query against an unsupported platform produces the following error: no such table: windows_events
- Windows
Table schema
| Name | Type | Description |
|---|---|---|
| time | BIGINT | Timestamp the event was received |
| datetime | TEXT | System time at which the event occurred |
| source | TEXT | Source or channel of the event |
| provider_name | TEXT | Provider name of the event |
| provider_guid | TEXT | Provider GUID of the event |
| eventid | INTEGER | Event ID of the event |
| task | INTEGER | Task value associated with the event |
| level | INTEGER | The severity level associated with the event |
| keywords | BIGINT | A bitmask of the keywords defined in the event |
| data | TEXT | Data associated with the event |
| eid | TEXT | Event ID |
Query examples
select * from windows_events where eventid=4104 and source='Security'
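As an added example (not part of the Zercurity or osquery documentation), the Python below consumes rows of this table as `osqueryi --json` emits them (every column as a string) and counts failed logons (Security event 4625) per account, using the `keywords` bitmask to confirm the Audit Failure flag. It assumes the `data` column carries the event's EventData as a JSON object keyed by field name; the sample rows are constructed and embedded inline.

```python
import json

# Windows standard audit keywords (Microsoft-documented constants). osquery exposes
# `keywords` as a signed BIGINT, so values with the top bit set arrive negative.
AUDIT_FAILURE = 0x8010000000000000
AUDIT_SUCCESS = 0x8020000000000000
MASK64 = (1 << 64) - 1


def has_keyword(keywords, flag):
    """Bitmask test that tolerates the signed 64-bit string osquery returns."""
    value = int(keywords) & MASK64  # re-interpret negative values as unsigned
    return (value & flag) == flag


def failed_logons(rows):
    """Count Security 4625 events flagged Audit Failure, per TargetUserName.
    Assumption: `data` is JSON with an "EventData" object keyed by field name."""
    counts = {}
    for row in rows:
        if row["source"] != "Security" or int(row["eventid"]) != 4625:
            continue
        if not has_keyword(row["keywords"], AUDIT_FAILURE):
            continue
        fields = json.loads(row["data"]).get("EventData", {})
        user = fields.get("TargetUserName", "<unknown>")
        counts[user] = counts.get(user, 0) + 1
    return counts


def _row(eventid, keywords, user):
    """Build one constructed windows_events row in `osqueryi --json` shape."""
    return {"time": "1700000000", "source": "Security", "eventid": str(eventid),
            "keywords": str(keywords),
            "data": json.dumps({"EventData": {"TargetUserName": user, "LogonType": "3"}})}


# Constructed sample: two failures for alice, one success, one failure for bob.
SAMPLE_ROWS = [
    _row(4625, -9218868437227405312, "alice"),  # 0x8010000000000000 as signed BIGINT
    _row(4624, -9214364837600034816, "alice"),  # 0x8020000000000000 as signed BIGINT
    _row(4625, -9218868437227405312, "alice"),
    _row(4625, -9218868437227405312, "bob"),
]

if __name__ == "__main__":
    print(failed_logons(SAMPLE_ROWS))
```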