| 9170001 | WindowsPerformance Meters CPU Mem Event | Generates an event reporting the percentage usage of CPU and RAM, including detailed system metrics over time | Monitor overall Windows system performance, detect abnormal CPU or memory spikes, and support proactive resource management |
| 9170002 | WindowsPerformance Meters Logical Drive Event | Generates an event reporting the utilization percentage of a specific logical drive, including space consumed and remaining | Track disk usage trends, identify potential storage bottlenecks, and alert before resource exhaustion on Windows systems |
| 9175001 | DataAcquisitionMetering Event | Captures detailed resource and performance metrics of the system where Data Acquisition CQ is installed | Monitor host-level resource consumption, identify performance issues impacting data acquisition processes, and ensure system stability |
| 56789 | Self Audit | Reports audit activities from the CQ Web Application, including user actions and system changes | Enable monitoring and compliance tracking for web application usage, detect unauthorized access, and support security audits |
| 580466301 | An object was moved from SourceFile to Destination | Logs files that have been moved, including original and new paths | Identify moved files in Microsoft Windows environments, with their locations before and after the move |
| 580466302 | An object was deleted | Logs deleted files, including file name, path, and deletion timestamp | Identify and investigate deleted files or objects, supporting forensic analysis and detection of potential malicious activity |
| 580466303 | A new file was created or modified | Logs newly created or modified files, including file name and full path | Monitor creation and modification of files to detect unauthorized changes or suspicious activity in Windows systems |
| 580466304 | A new folder was created | Logs newly created folders with full paths | Detect creation of new directories, monitor organizational changes, and flag unexpected folder activity for investigation |
| 580466305 | An object was renamed SourceFile to DestinationFile | Logs files or folders that have been renamed, including previous and new names and paths | Track renaming of files and folders to detect suspicious or unauthorized changes in Windows environments |
| 580466306 | An object was accessed | Logs accessed files, including file name, path, and access type | Monitor file access activity to detect unauthorized or suspicious interactions with sensitive files |
| 9160000 | VPN | Generates events related to VPN activity, including connection attempts, success, failure, and source geolocation | Monitor remote access activity, detect unusual login locations or devices, and support forensic investigations of VPN usage |
| 63805 | NetFlow v5 | Reports detailed traffic information for IP communications, including source/destination IPs, ports, and protocol usage | Monitor network traffic patterns, detect anomalies, and support network security and performance analysis for NetFlow v5 environments |
| 63809 | NetFlow V9 | Reports detailed IP traffic flows using the NetFlow v9 protocol, including advanced flow attributes | Monitor and analyze network communications, detect unusual traffic, and support threat detection and network optimization |
| 63810 | IPFIX or NetFlow V10 | Reports IP traffic using IPFIX or NetFlow v10, including enhanced metadata and flow statistics | Enable advanced monitoring of network traffic, correlate flows for security events, and support high-fidelity network analysis |
| 63900 | BiFlow Events | Reports bidirectional traffic between IPs, combining source and destination flows for context | Detect abnormal bidirectional communications, monitor application-level traffic patterns, and support threat correlation |
| 9150001 | Windows Success Interactive Logon Activity | Logs successful interactive user logins, including user identity, workstation, and login timestamp | Detect new interactive logins, monitor user activity patterns, and identify unauthorized access attempts on Windows systems |
| 9150002 | Windows Success Network Logon Activity | Logs successful network logins, including username, source IP, and target system | Detect new network logins, monitor access to shared resources, and identify potential lateral movement or unauthorized network access |
| 9150003 | Windows Success Batch Logon Activity | Logs successful batch logins, such as scheduled tasks, including user and host details | Monitor automated or scheduled task logins to detect unusual or suspicious batch activities |
| 9150004 | Windows Success Service Logon Activity | Logs successful service logins, including service name, host, and source IP | Track service authentications, detect new or unexpected services starting on the network, and monitor for potential security breaches |
| 9150005 | Windows Success Network Cleartext Logon Activity | Logs successful cleartext logins across the network, including user and source IP | Detect insecure authentication events, monitor network login patterns, and flag potentially risky cleartext logins |
| 9150006 | Windows Success Remote Interactive Logon Activity | Logs remote interactive logins with user and source IP details | Detect remote access activity, identify anomalous login behavior, and support endpoint monitoring for Windows environments |
| 9150007 | Windows Success Cached Interactive Logon Activity | Logs cached interactive logins occurring after a break period of ≥3 months | Monitor long-term cached login activity, detect unusual delayed logins, and track endpoint access patterns |
| 9150011 | Windows Failed Interactive Logon Activity | Logs failed interactive login attempts with user and source IP | Detect unsuccessful login attempts, monitor for brute-force attacks, and enhance Windows access security |
| 9150012 | Windows Failed Network Logon Activity | Logs failed network login attempts including username and source IP | Identify failed network authentication attempts, detect suspicious activity, and prevent unauthorized access |
| 9150013 | Windows Failed Batch Logon Activity | Logs failed batch login attempts such as scheduled tasks | Detect automation failures or malicious batch login attempts in Windows systems |
| 9150014 | Windows Failed Service Logon Activity | Logs failed service authentication attempts | Identify service login failures, detect misconfigurations, and prevent potential security breaches |
| 9150015 | Windows Failed Network Cleartext Logon Activity | Logs failed cleartext network logins | Detect failed cleartext authentication attempts |
| 9150016 | Windows Failed Remote Interactive Logon Activity | Reports failed remote interactive logins | Detect failed remote logins in Windows environments |
| 9150017 | Windows Failed Cached Interactive Logon Activity | Reports failed cached interactive logins after ≥3 months | Monitor failed long-term cached logins |
| 9150051 | Windows Success Service Activity Service | Reports network machine logins and newly registered services | Detect new network service authentications |
| 9150052 | Windows Success Service Activity Service User | Reports newly registered service/user combinations | Track new service logins under specific users |
| 9150053 | Windows Success Service Activity Service Computer | Reports service logins on network machines | Track new services running on network machines |
| 9150061 | Windows Failed Service Activity Service | Reports failed authentications for new services | Detect failed service logins |
| 9150062 | Windows Failed Service Activity Service User | Reports failed service/user login combinations | Monitor failed service logins under users |
| 9150063 | Windows Failed Service Activity Service Computer | Reports failed service logins on network machines | Monitor failed service logins on computers |
| 9150101 | Linux Success Sshd Logon Activity | Reports SSH logins with user and host | Detect new SSH logins in Linux environments |
| 9150102 | Linux Success Sudo Logon Activity | Reports SUDO logins with user and host | Detect new SUDO logins in Linux environments |
| 9150103 | Linux Success Su Logon Activity | Reports SU logins with user and host | Detect new SU logins in Linux environments |
| 9150104 | Linux Success Systemd Logon Activity | Reports logins via Systemd with user and source IP | Detect new Systemd logins in Linux environments |
| 9150151 | Linux Failed Logon Activity SSH | Reports failed SSH logins with user and host | Detect failed SSH logins in Linux environments |
| 9150201 | VPN Success Logon Activity by Country | Reports successful VPN logins with user and country | Monitor new username/geolocation combinations |
| 9150202 | VPN Success Logon Activity by ClientIP | Reports successful VPN logins with user and IP | Monitor new username/IP combinations |