Windows Event logs.

Platform support

Please be aware that some queries can only be run against certain platforms. Below is the list of platforms this table supports. Zercurity will automatically pause a scheduled query if errors are detected. Running this query against an unsupported platform results in the error: no such table: windows_events

  • Windows

Table schema

Name           Type     Description
time           BIGINT   Timestamp the event was received
datetime       TEXT     System time at which the event occurred
source         TEXT     Source or channel of the event
provider_name  TEXT     Provider name of the event
provider_guid  TEXT     Provider GUID of the event
eventid        INTEGER  Event ID of the event
task           INTEGER  Task value associated with the event
level          INTEGER  The severity level associated with the event
keywords       BIGINT   A bitmask of the keywords defined in the event
data           TEXT     Data associated with the event
eid            TEXT     Event ID

Query examples

-- The channel is exposed through the `source` column (there is no `channel` column in the schema above).
select * from windows_events where eventid = 4104 and source = 'Security';
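The queries below are added examples, not taken from the original page or from Zercurity's documentation, showing how the schema columns above combine in practice. They assume `time` is a Unix epoch as in the schema, that Event ID 4625 is the standard Security-channel "account failed to log on" event, and that the `data` column holds the event payload as a JSON document that the osquery SQLite build can read with json_extract(); the JSON key path used is a placeholder to adapt to the field you need.

```sql
-- Failed logons (Security event 4625) from the last hour, newest first.
select datetime, eventid, provider_name, data
from windows_events
where source = 'Security'
  and eventid = 4625
  and time > (strftime('%s', 'now') - 3600)
order by time desc;

-- Event volume per channel and severity level: useful for seeing which logs
-- are noisy before scheduling this query to run on a recurring basis.
select source, level, count(*) as events
from windows_events
group by source, level
order by events desc;

-- Pull one field out of the event payload. Assumes `data` is JSON and that
-- json_extract() is available; '$.EventData.TargetUserName' is a placeholder
-- key path for the account name recorded in the 4625 event.
select datetime, eventid,
       json_extract(data, '$.EventData.TargetUserName') as target_user
from windows_events
where source = 'Security'
  and eventid = 4625;
```

Filtering on `source` and `eventid` first keeps result sets small; `windows_events` is an evented table, so the time bound limits the query to events collected since the last run rather than the whole buffer.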