Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Sysmon

Event ID 14 v2

Message:

Registry object renamed:
RuleName: %{RuleName}
EventType: %{EventType}
UtcTime: %{UtcTime}
ProcessGuid: %{ProcessGuid}
ProcessId: %{ProcessId}
Image: %{Image}
TargetObject: %{TargetObject}
NewName: %{NewName}

Event Data:

#  Name          In Type             Out Type
1  RuleName      win:UnicodeString   xs:string
2  EventType     win:UnicodeString   xs:string
3  UtcTime       win:UnicodeString   xs:string
4  ProcessGuid   win:GUID            xs:GUID
5  ProcessId     win:UInt32          win:PID
6  Image         win:UnicodeString   xs:string
7  TargetObject  win:UnicodeString   xs:string
8  NewName       win:UnicodeString   xs:string

Observed Windows Versions:

Version: 2

Fingerprint: NLYFPTU4ZLO7S