Azure-Sentinel/Sample Data/Custom/NetwrixAuditor.log

167 lines
39 KiB
Plaintext

CEF:0|Netwrix|Self-audit|1.0|Successful Logon|Successful Logon Local logon|0|shost=SRV-SBPAM-002 cat=Local logon suser=FOR-SBPAM\\Administrator filePath=SRV-SBPAM-002 start=May 12 2022 17:42:56 GMT
CEF:0|Netwrix|Self-audit|1.0|Modified|Modified Netwrix Auditor global settings|0|shost=SRV-SBPAM-002 cat=Netwrix Auditor global settings suser=FOR-SBPAM\\Administrator filePath=Audit database settings start=May 12 2022 18:43:25 GMT msg=Settings changed
CEF:0|Netwrix|Self-audit|1.0|Successful Logon|Successful Logon Local logon|0|shost=SRV-SBPAM-002 cat=Local logon suser=FOR-SBPAM\\Administrator filePath=SRV-SBPAM-002 start=May 12 2022 18:33:10 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=AD start=May 12 2022 18:44:46 GMT msg=Monitoring plan path: "All Monitoring Plans\\AD"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory start=May 12 2022 18:44:46 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory\\for-sbpam.local (Domain) start=May 12 2022 18:45:13 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Windows Server start=May 12 2022 18:46:46 GMT msg=Monitoring plan path: "All Monitoring Plans\\Windows Server"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server start=May 12 2022 18:46:46 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server\\10.11.18.51 (Computer) start=May 12 2022 18:47:24 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Group Policy start=May 12 2022 18:48:58 GMT msg=Monitoring plan path: "All Monitoring Plans\\Group Policy"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy start=May 12 2022 18:48:58 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy\\for-sbpam.local (Domain) start=May 12 2022 18:50:40 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server\\for-sbpam.local/ (AD container) start=May 12 2022 18:51:26 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy\\for-sbpam.local (Domain) start=May 12 2022 18:55:05 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy\\for-sbpam.local (Domain) start=May 12 2022 18:55:24 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Group Policy start=May 12 2022 19:00:40 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy start=May 12 2022 19:00:40 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy\\for-sbpam.local (Domain) start=May 12 2022 19:00:40 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=AD start=May 12 2022 19:00:42 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory start=May 12 2022 19:00:42 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory\\for-sbpam.local (Domain) start=May 12 2022 19:00:42 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server\\10.11.18.51 (Computer) start=May 12 2022 19:00:46 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server\\for-sbpam.local/ (AD container) start=May 12 2022 19:00:46 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Windows Server start=May 12 2022 19:00:46 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server start=May 12 2022 19:00:46 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory start=May 12 2022 19:02:27 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=AD start=May 12 2022 19:02:27 GMT msg=Monitoring plan path: "All Monitoring Plans\\AD"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD\\Active Directory\\for-sbpam.local (Domain) start=May 12 2022 19:02:48 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Windows Server start=May 12 2022 19:05:29 GMT msg=Monitoring plan path: "All Monitoring Plans\\Windows Server"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server start=May 12 2022 19:05:29 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Windows Server\\Windows Server\\10.11.18.51 (Computer) start=May 12 2022 19:05:53 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Group Policy start=May 12 2022 19:07:57 GMT msg=Monitoring plan path: "All Monitoring Plans\\Group Policy"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy start=May 12 2022 19:07:57 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Group Policy\\Group Policy\\for-sbpam.local (Domain) start=May 12 2022 19:08:02 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Network Devices start=May 12 2022 19:10:53 GMT msg=Monitoring plan path: "All Monitoring Plans\\Network Devices"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Network Devices\\Network Devices start=May 12 2022 19:10:53 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Network Devices\\Network Devices\\10.11.18.51 (Syslog device) start=May 12 2022 19:11:45 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=AD FS start=May 12 2022 19:16:40 GMT msg=Monitoring plan path: "All Monitoring Plans\\AD FS"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS start=May 12 2022 19:16:40 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\10.11.18.51 (Federation server) start=May 12 2022 19:16:50 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\10.11.18.51 (Federation server) start=May 12 2022 19:18:40 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\10.11.18.50 (Federation server) start=May 12 2022 19:18:58 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Logon Activity start=May 12 2022 19:20:18 GMT msg=Monitoring plan path: "All Monitoring Plans\\Logon Activity"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Logon Activity\\Logon Activity start=May 12 2022 19:20:18 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Logon Activity\\Logon Activity\\for-sbpam.local (Domain) start=May 12 2022 19:20:27 GMT
CEF:0|Netwrix|Logon Activity|1.0|Successful Logon|Successful Logon Interactive logon|0|shost=srv-ad-1.for-sbpam.local cat=Interactive logon suser=FOR-SBPAM\\Administrator filePath=srv-sbpam-002.for-sbpam.local start=May 12 2022 18:51:27 GMT
CEF:0|Netwrix|Logon Activity|1.0|Successful Logon|Successful Logon Interactive logon|0|shost=srv-ad-1.for-sbpam.local cat=Interactive logon suser=FOR-SBPAM\\Administrator filePath=srv-sbpam-002.for-sbpam.local start=May 12 2022 18:45:38 GMT
CEF:0|Netwrix|Logon Activity|1.0|Successful Logon|Successful Logon Interactive logon|0|shost=srv-ad-1.for-sbpam.local cat=Interactive logon suser=FOR-SBPAM\\Administrator filePath=srv-sbpam-002.for-sbpam.local start=May 12 2022 18:51:42 GMT
CEF:0|Netwrix|Logon Activity|1.0|Successful Logon|Successful Logon Interactive logon|0|shost=srv-ad-1.for-sbpam.local cat=Interactive logon suser=FOR-SBPAM\\Administrator filePath=srv-sbpam-002.for-sbpam.local start=May 12 2022 18:18:59 GMT
CEF:0|Netwrix|Windows Server|1.0|Added|Added Add or Remove Programs|0|shost=10.11.18.51 cat=Add or Remove Programs suser=FOR-SBPAM\\SRV-SBPAM-002$ filePath=Add or Remove Programs\\Microsoft Edge Update start=May 12 2022 19:14:56 GMT msg=Installed For: All users, Version: 1.3.161.35
CEF:0|Netwrix|Windows Server|1.0|Removed|Removed Add or Remove Programs|0|shost=10.11.18.51 cat=Add or Remove Programs suser=FOR-SBPAM\\SRV-SBPAM-002$ filePath=Add or Remove Programs\\Microsoft Edge Update start=May 12 2022 19:14:56 GMT msg=Installed For: All users, Version: 1.3.153.47
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=User Activity\\User Activity start=May 12 2022 19:22:40 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=User Activity start=May 12 2022 19:22:40 GMT msg=Monitoring plan path: "All Monitoring Plans\\User Activity"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=User Activity\\User Activity\\10.11.18.51 (Computer) start=May 12 2022 19:22:51 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=Netwrix API start=May 12 2022 19:27:04 GMT msg=Monitoring plan path: "All Monitoring Plans\\Netwrix API"
CEF:0|Netwrix|Self-audit|1.0|Added|Added Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=Netwrix API\\Netwrix API start=May 12 2022 19:27:04 GMT msg=Monitoring status: "Enabled"
CEF:0|Netwrix|Group Policy|1.0|Modified|Modified GroupPolicy|0|shost=srv-ad-1.for-sbpam.local cat=GroupPolicy suser=FOR-SBPAM\\Administrator filePath=Default Domain Controllers Policy start=May 12 2022 19:20:28 GMT msg=Action: Modified; \n Path: "General/Details"; \n Details: Modified. "Computer Revisions: 7 (AD), 7 (SYSVOL) -> 8 (AD), 8 (SYSVOL); ", Action: Modified; \n Path: "Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/Local Policies/Audit Policy"; \n Details: Added. "Policy: Audit account logon events; Setting: Success, Failure; ", Action: Modified; \n Path: "Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/Local Policies/Audit Policy"; \n Details: Added. "Policy: Audit system events; Setting: Success, Failure; ", Action: Modified; \n Path: "Computer Configuration (Enabled)/Policies/Windows Settings/Security Settings/Local Policies/Audit Policy"; \n Details: Modified. "Policy: Audit logon events; Setting: Success -> Success, Failure; "
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Netwrix API\\Netwrix API\\name (Integration) start=May 12 2022 19:30:07 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Session start|Session start User session|0|shost=srv-sbpam-002.for-sbpam.local cat=User session suser=FOR-SBPAM\\Administrator filePath=Monitoring start start=May 12 2022 19:24:56 GMT
CEF:0|Netwrix|Self-audit|1.0|Successful Logon|Successful Logon Local logon|0|shost=SRV-SBPAM-002 cat=Local logon suser=FOR-SBPAM\\Administrator filePath=SRV-SBPAM-002 start=May 12 2022 19:37:13 GMT
CEF:0|Netwrix|Self-audit|1.0|Successful Logon|Successful Logon Local logon|0|shost=SRV-SBPAM-002 cat=Local logon suser=FOR-SBPAM\\Administrator filePath=SRV-SBPAM-002 start=May 12 2022 19:37:13 GMT
CEF:0|Netwrix|Windows Server|1.0|Added|Added Add or Remove Programs|0|shost=10.11.18.51 cat=Add or Remove Programs suser=Not applicable filePath=Add or Remove Programs\\Microsoft Edge start=May 12 2022 19:36:04 GMT msg=Installed For: All users, Version: 101.0.1210.39
CEF:0|Netwrix|Windows Server|1.0|Added|Added Add or Remove Programs|0|shost=10.11.18.51 cat=Add or Remove Programs suser=NT AUTHORITY\\SYSTEM filePath=Add or Remove Programs\\Netwrix Auditor User Activity Core Service start=May 12 2022 19:24:42 GMT msg=Installed For: All users, Version: 10.0.9944.0
CEF:0|Netwrix|Windows Server|1.0|Modified|Modified System Service|0|shost=10.11.18.51 cat=System Service suser=system filePath=Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) start=May 12 2022 19:36:04 GMT msg=Path to executable changed from ""C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\95.0.1020.44\\elevation_service.exe"" to ""C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\101.0.1210.39\\elevation_service.exe""
CEF:0|Netwrix|Windows Server|1.0|Removed|Removed Add or Remove Programs|0|shost=10.11.18.51 cat=Add or Remove Programs suser=Not applicable filePath=Add or Remove Programs\\Microsoft Edge start=May 12 2022 19:36:04 GMT msg=Installed For: All users, Version: 95.0.1020.44
CEF:0|Netwrix|Windows Server|1.0|Added|Added System Service|0|shost=10.11.18.51 cat=System Service suser=NT AUTHORITY\\SYSTEM filePath=Netwrix Auditor User Activity Core Service start=May 12 2022 19:24:40 GMT msg=Caption: Netwrix Auditor User Activity Core Service, Allow service to interact with desktop: False, Path to executable: "C:\\Program Files (x86)\\Netwrix Auditor\\User Activity Core Service\\UAVRAgent.exe", Service Type: Own Process, Service Account: LocalSystem, Description: This service is responsible for tracking and capturing user activity on target computers., Action in case of failed service startup: Ignore, Name: uavrsvc, Start Mode: Auto
CEF:0|Netwrix|Windows Server|1.0|Added|Added System Service|0|shost=10.11.18.51 cat=System Service suser=FOR-SBPAM\\SRV-SBPAM-002$ filePath=Netwrix Auditor User Activity Core Service start=May 12 2022 19:24:40 GMT msg=Caption: Netwrix Auditor User Activity Core Service, Allow service to interact with desktop: False, Path to executable: "C:\\Program Files (x86)\\Netwrix Auditor\\User Activity Core Service\\UAVRAgent.exe", Service Type: Own Process, Service Account: LocalSystem, Description: This service is responsible for tracking and capturing user activity on target computers., Action in case of failed service startup: Ignore, Name: uavrsvc, Start Mode: Auto
CEF:0|Netwrix|Self-audit|1.0|Modified|Modified Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=Netwrix API\\Netwrix API\\name (Integration) start=May 12 2022 19:38:12 GMT msg=Name changed from "Netwrix API\\Netwrix API\\name (Integration)" to "Netwrix API\\Netwrix API\\Data import (Integration)"
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor start=May 12 2022 19:37:13 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor - SRV-SBPAM-002 (FOR-SBPAM\\Administrator) start=May 12 2022 19:37:15 GMT
CEF:0|Netwrix|Self-audit|1.0|Added|Added Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\Network (Federation server) start=May 12 2022 19:41:13 GMT
CEF:0|Netwrix|Self-audit|1.0|Logoff|Logoff Local logon|0|shost=SRV-SBPAM-002 cat=Local logon suser=FOR-SBPAM\\Administrator filePath=SRV-SBPAM-002 start=May 12 2022 19:42:18 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\10.11.18.50 (Federation server) start=May 12 2022 19:42:31 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Item|0|shost=SRV-SBPAM-002 cat=Item suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS\\Network (Federation server) start=May 12 2022 19:42:31 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Monitoring Plan|0|shost=SRV-SBPAM-002 cat=Monitoring Plan suser=FOR-SBPAM\\Administrator filePath=AD FS start=May 12 2022 19:42:31 GMT
CEF:0|Netwrix|Self-audit|1.0|Removed|Removed Data source|0|shost=SRV-SBPAM-002 cat=Data source suser=FOR-SBPAM\\Administrator filePath=AD FS\\AD FS start=May 12 2022 19:42:31 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Browse for Folder start=May 12 2022 19:41:02 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor - SRV-SBPAM-002 (FOR-SBPAM\\Administrator) start=May 12 2022 19:42:18 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor - SRV-SBPAM-002 (FOR-SBPAM\\Administrator) start=May 12 2022 19:41:06 GMT
CEF:0|Netwrix|Logon Activity|1.0|Successful Logon|Successful Logon Interactive logon|0|shost=srv-ad-1.for-sbpam.local cat=Interactive logon suser=FOR-SBPAM\\Administrator filePath=srv-ad-1.for-sbpam.local start=May 12 2022 20:05:34 GMT msg=A session was reconnected.
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users\\test1 test1 start=May 12 2022 20:09:51 GMT msg=User Account Disabled
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified group|0|shost=srv-ad-1.for-sbpam.local cat=group suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users\\Domain Admins start=May 12 2022 20:09:38 GMT msg=Security Global Group Member: \n - Added: "for-sbpam.local/Users/Admin AD"
CEF:0|Netwrix|Active Directory|1.0|Added|Added group|0|shost=unknown cat=group suser=system filePath=\\local\\for-sbpam\\Users\\User-for-test start=May 12 2022 20:07:30 GMT msg=Group Type: "Security Global Group"
CEF:0|Netwrix|Active Directory|1.0|Removed|Removed group|0|shost=unknown cat=group suser=system filePath=\\local\\for-sbpam\\Users\\User-for-test start=May 12 2022 20:07:30 GMT msg=Group Type: "Security Global Group"
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users\\Admin AD start=May 12 2022 20:08:57 GMT
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\user2 test start=May 12 2022 20:11:53 GMT msg=Administrative Password Reset, User Account Enabled
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified domainDNS|0|shost=srv-ad-1.for-sbpam.local cat=domainDNS suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam start=May 12 2022 20:11:18 GMT msg=Object Security: \n - Added: "Permissions: Everyone (Deny: Delete all child objects)"
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\admin3 adm3 start=May 12 2022 20:18:47 GMT
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\user2 test start=May 12 2022 20:12:09 GMT msg=User Account Disabled
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified group|0|shost=srv-ad-1.for-sbpam.local cat=group suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Builtin\\Administrators start=May 12 2022 20:20:07 GMT msg=Security Local Group Member: \n - Added: "for-sbpam.local/Users-for-test/admin3 adm3"
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\admin3 adm3 start=May 12 2022 20:19:02 GMT
CEF:0|Netwrix|Active Directory|1.0|Removed|Removed computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Computers\\testPC2 start=May 12 2022 20:17:08 GMT
CEF:0|Netwrix|Active Directory|1.0|Added|Added computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Computers\\testPC2 start=May 12 2022 20:15:37 GMT
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Computers\\testPC3 start=May 12 2022 20:16:30 GMT msg=Computer Account Disabled
CEF:0|Netwrix|Active Directory|1.0|Removed|Removed user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\admin3 adm3 start=May 12 2022 20:18:53 GMT
CEF:0|Netwrix|Active Directory|1.0|Added|Added computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Computers\\testPC3 start=May 12 2022 20:16:24 GMT
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Computers\\testPC2 start=May 12 2022 20:16:00 GMT msg=Computer Account Disabled
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified group|0|shost=srv-ad-1.for-sbpam.local cat=group suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Builtin\\Hyper-V Administrators start=May 12 2022 20:20:07 GMT msg=Security Local Group Member: \n - Added: "for-sbpam.local/Users-for-test/admin3 adm3"
CEF:0|Netwrix|Active Directory|1.0|Modified|Modified group|0|shost=srv-ad-1.for-sbpam.local cat=group suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users\\Domain Admins start=May 12 2022 20:20:07 GMT msg=Security Global Group Member: \n - Added: "for-sbpam.local/Users-for-test/admin3 adm3"
CEF:0|Netwrix|Active Directory|1.0|Added|Added computer|0|shost=srv-ad-1.for-sbpam.local cat=computer suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\testPC start=May 12 2022 20:12:28 GMT
CEF:0|Netwrix|Active Directory|1.0|Removed|Removed user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\user2 test start=May 12 2022 20:13:11 GMT
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\user3 start=May 12 2022 20:13:01 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Progress start=May 12 2022 20:39:40 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Application Frame Host | Settings start=May 12 2022 20:36:30 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor - SRV-SBPAM-002 (FOR-SBPAM\\Administrator) start=May 12 2022 20:36:28 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Search and Cortana application | Search start=May 12 2022 20:39:03 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Notepad | Netwrix_Auditor_CEF_Export_Add-on.ps1 - Notepad start=May 12 2022 20:37:21 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:39:12 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix Auditor start=May 12 2022 20:36:35 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:39:40 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:43:38 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:40:26 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:41:24 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:42:38 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:42:29 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Search and Cortana application | Search start=May 12 2022 20:44:37 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:42:17 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:40:27 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | CEF_Export start=May 12 2022 20:44:31 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:42:40 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:43:29 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:42:19 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:42:57 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:42:13 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:42:12 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:41:23 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:43:40 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | CEF_Export start=May 12 2022 20:43:05 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:43:36 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:40:30 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | CEF_Export start=May 12 2022 20:43:34 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:42:14 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:41:21 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:42:11 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:42:23 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:42:24 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Command Processor | Administrator: Command Prompt start=May 12 2022 20:45:29 GMT
CEF:0|Netwrix|Active Directory|1.0|Added|Added user|0|shost=srv-ad-1.for-sbpam.local cat=user suser=FOR-SBPAM\\Administrator filePath=\\local\\for-sbpam\\Users-for-test\\user2 test start=May 12 2022 20:11:53 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Command Processor | Administrator: Command Prompt start=May 12 2022 20:50:35 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:52:12 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:50:44 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:50:40 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:52:30 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | CEF_Export start=May 12 2022 20:50:27 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Notepad | Netwrix_Auditor_CEF_Export_Add-on.ps1 - Notepad start=May 12 2022 20:50:52 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:52:04 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Notepad | Netwrix_Auditor_CEF_Export_Add-on.ps1 - Notepad start=May 12 2022 20:50:42 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Command Processor | Administrator: Command Prompt start=May 12 2022 20:50:50 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:52:11 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 20:52:29 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:50:28 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:52:06 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:52:21 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Command Processor | Administrator: Command Prompt start=May 12 2022 20:50:55 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Search and Cortana application | Search start=May 12 2022 20:52:00 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Select Administrator: Windows PowerShell start=May 12 2022 20:52:29 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:51:51 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:58:28 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Extract Compressed (Zipped) Folders start=May 12 2022 20:58:26 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix_Auditor_CEF_Export_Add-on start=May 12 2022 20:58:28 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix start=May 12 2022 20:58:21 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Desktop start=May 12 2022 21:20:04 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Netwrix Auditor | Netwrix Auditor - SRV-SBPAM-002 (FOR-SBPAM\\Administrator) start=May 12 2022 21:17:56 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows PowerShell | Administrator: Windows PowerShell start=May 12 2022 21:20:08 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Search and Cortana application | Search start=May 12 2022 21:17:51 GMT
CEF:0|Netwrix|User Activity (Video)|1.0|Activated|Activated Window|0|shost=srv-sbpam-002.for-sbpam.local cat=Window suser=FOR-SBPAM\\Administrator filePath=Windows Explorer | Netwrix_Auditor_CEF_Export_Add-on start=May 12 2022 21:20:02 GMT