Skip to main content

Raw Events - Event types supported

The table below shows the supported event types.

Event type

Category

Sensor type

OS type

Added

Service

Endpoint

  • Windows

  • Linux

Change status

Service

Endpoint

  • Windows

Create

File

Endpoint

  • Windows

  • macOS

  • Linux

Create

Process

Endpoint

  • Windows

  • macOS

  • Linux

Create

Scheduled task

Endpoint

  • Windows

Create key

Registry

Endpoint

  • Windows

Connection

Network

Endpoint

  • Windows

  • macOS

  • Linux

Delete

File

Endpoint

  • Windows

  • macOS

  • Linux

Delete

Scheduled task

Endpoint

  • Windows

Delete key

Registry

Endpoint

  • Windows

Delete value

Registry

Endpoint

  • Windows

Injection

Process

Endpoint

  • Windows

  • Linux

Logon

User

Endpoint

  • Windows

  • macOS

  • Linux

Logon failed

User

Endpoint

  • Windows

  • Linux

Logout

User

Endpoint

  • Windows

  • macOS

  • Linux

Modify

File

Endpoint

  • Windows

  • macOS

  • Linux

Modify

Scheduled task

Endpoint

  • Windows

Modify

Service

Endpoint

  • Windows

Modify value

Registry

Endpoint

  • Windows

Move

File

Endpoint

  • Windows

  • macOS

  • Linux

O365 Mail

Office 365

Office 365

  • Windows

  • macOS

  • Linux

Read

File

Endpoint

  • Windows

  • macOS

  • Linux

Settings changed

User

Endpoint

  • Windows

Terminate

Process

Endpoint

  • Windows

  • macOS

  • Linux