Windows Event logs.
Please be aware that some queries can only be run against certain platforms. Below is the list of platforms this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error:

```
no such table: windows_events
```
| Column | Type | Description |
|---|---|---|
| time | BIGINT | Timestamp the event was received |
| datetime | TEXT | System time at which the event occurred |
| source | TEXT | Source or channel of the event |
| provider_name | TEXT | Provider name of the event |
| provider_guid | TEXT | Provider guid of the event |
| eventid | INTEGER | Event ID of the event |
| task | INTEGER | Task value associated with the event |
| level | INTEGER | The severity level associated with the event |
| keywords | BIGINT | A bitmask of the keywords defined in the event |
| data | TEXT | Data associated with the event |
```sql
-- The channel is exposed through the `source` column (there is no `channel` column).
-- windows_events is an evented table: only channels osquery subscribes to
-- (the --windows_event_channels flag) are collected.
-- Note: event ID 4104 (PowerShell script block logging) is raised on the
-- Microsoft-Windows-PowerShell/Operational channel, so use that source to match it.
select * from windows_events where eventid=4104 and source='Security'
```
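The following is an added example (not part of Zercurity's or osquery's own code) showing how rows returned from this table would be post-processed: it decodes the Security log's audit-outcome bits in `keywords` and tallies failed logons (event 4625) per target account. The rows are constructed to match the string-valued shape of osquery's JSON output, and the `{"EventData": {...}}` layout of the `data` column is an assumption.

```python
import json
from collections import Counter

# Keyword bits the Security log sets on audit events. Both well-known values
# (0x8020... success, 0x8010... failure) share the high 0x8000... bit, so only
# the distinguishing bit is tested.
AUDIT_SUCCESS_BIT = 0x0020000000000000
AUDIT_FAILURE_BIT = 0x0010000000000000


def describe_keywords(keywords):
    """Name the audit-outcome bits set in a keywords bitmask."""
    names = []
    if keywords & AUDIT_SUCCESS_BIT:
        names.append("AuditSuccess")
    if keywords & AUDIT_FAILURE_BIT:
        names.append("AuditFailure")
    return names


def failed_logons(rows):
    """Count Security 4625 (logon failure) events per target account.

    Rows are dicts in the shape of osquery JSON output (all values strings).
    int(..., 0) accepts both a decimal string and a "0x..." hex string for
    keywords. The EventData layout inside `data` is an assumption.
    """
    counts = Counter()
    for row in rows:
        if row["source"] != "Security" or int(row["eventid"]) != 4625:
            continue
        if "AuditFailure" not in describe_keywords(int(row["keywords"], 0)):
            continue
        event_data = json.loads(row["data"]).get("EventData", {})
        counts[event_data.get("TargetUserName", "<unknown>")] += 1
    return counts


def _row(source, eventid, keywords, level, **event_data):
    """Build a constructed windows_events row with string values."""
    return {"time": "1700000000", "source": source, "eventid": str(eventid),
            "level": str(level), "keywords": hex(keywords),
            "data": json.dumps({"EventData": event_data})}


# Constructed sample: two failures for alice, one for bob, one successful
# logon, and an unrelated System-channel warning.
SAMPLE_ROWS = [
    _row("Security", 4625, 0x8010000000000000, 0, TargetUserName="alice"),
    _row("Security", 4625, 0x8010000000000000, 0, TargetUserName="alice"),
    _row("Security", 4625, 0x8010000000000000, 0, TargetUserName="bob"),
    _row("Security", 4624, 0x8020000000000000, 0, TargetUserName="alice"),
    _row("System", 7036, 0x8080000000000000, 3, param1="Spooler"),
]
```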