Raw Events - Event types supported
The table below shows the supported event types.
Event type | Category | Sensor type | OS type |
|---|---|---|---|
Added | Service | Endpoint |
|
Change status | Service | Endpoint |
|
Create | File | Endpoint |
|
Create | Process | Endpoint |
|
Create | Scheduled task | Endpoint |
|
Create key | Registry | Endpoint |
|
Connection | Network | Endpoint |
|
Delete | File | Endpoint |
|
Delete | Scheduled task | Endpoint |
|
Delete key | Registry | Endpoint |
|
Delete value | Registry | Endpoint |
|
Injection | Process | Endpoint |
|
Logon | User | Endpoint |
|
Logon failed | User | Endpoint |
|
Logout | User | Endpoint |
|
Modify | File | Endpoint |
|
Modify | Scheduled task | Endpoint |
|
Modify | Service | Endpoint |
|
Modify value | Registry | Endpoint |
|
Move | File | Endpoint |
|
O365 Mail | Office 365 | Office 365 |
|
Read | File | Endpoint |
|
Settings changed | User | Endpoint |
|
Terminate | Process | Endpoint |
|
Add file | BITS jobs activity | Endpoint | Windows |
Create | BITS jobs activity | Endpoint | Windows |
Delete | BITS jobs activity | Endpoint | Windows |
Create local account | User | Endpoint | Windows |
Delete local account | User | Endpoint | Windows |
WMI execution method | WMI activity | Endpoint | Windows |
WMI new activity | WMI activity | Endpoint | Windows |
WMI new binding | WMI activity | Endpoint | Windows |
Modify group policy | Other | Endpoint | Windows |