AhnLab EPP EDR Windows Event

EDR_OS_EVENT Event

| Type | Field | Display Name | Description |
|---|---|---|---|
| Date | _time | Time | |
| String | event_id | Event ID | |
| IP address | src_ip | Source IP | |
| String | src_mac | Source MAC | |
| String | hostname | Hostname | |
| String | user | Account | |
| String | dept_name | Department | |
| String | user_name | Name | |
| String | provider | Event provider | e.g. Microsoft-Windows-Security-Auditing |
| String | channel | Event channel | e.g. Security |
| Integer | event_idx | Event No | e.g. 15 |
| String | level | Level | |
| String | task | Task | e.g. Logon |
| String | msg | Message | |
| String | platform_id | Platform ID | e.g. WINDOWS_10_X64 |
| String | keywords | Keyword | |
| String | opcode | Opcode | |
| String | node_id | Node ID | e.g. 7 |
| String | group_id | Group ID | e.g. 8 |
| String | host_id | Host ID | e.g. 25 |
| Date | client_time | Client time | |