
Sourcetype Eventcode

This document contains a list of sourcetype names and the number of associated event counts. It shows that the top sourcetypes are WinEventLog with 122469 events, XmlWinEventLog with 413064 events, stream:dns with 295708 events, and bro:dns:json with 63793 events. Many other sourcetypes are listed with their associated event counts.

Uploaded by

shahbaz ahmed

sourcetype,count,"values(EventCode)"

ActiveDirectory,18,
"GSuiteForSplunk:error",316,
"Script:GetEndpointInfo",40,
"Script:InstalledApps",743,
"Script:ListeningPorts",3656,
"Script:NetworkConfiguration",38,
"Script:TimesyncConfiguration",123,
"Script:TimesyncStatus",123,
WinEventLog,122469,"0 1 1000 10000 10001 10002 10005 1001 10010 10016 1003 1004
1006 10100 10118 1012 1013 1014 1016 102 1025 103 1033 1034 1035 104 1040 1042 105
1066 1074 108 109 1100 1102 114 115 116 117 11728 12 124 13 130 134 137 14 15 1500
1501 153 1530 1531 1532 1534 16 16384 16390 16394 16962 1704 172 18 19 2 20 20001
20003 2001 2003 2004 2005 2006 2011 216 219 24576 24577 24579 25 258 26 260 26228
27 271 272 28 29 3 30 300 301 302 3079 31 32 325 326 327 34 35 37 38 405 40961 4097
4112 4115 4202 43 44 45 4608 4611 4616 4624 4625 4627 4634 4647 4648 4656 4659 4660
4661 4663 4664 4670 4672 4673 4674 4688 4696 4697 4698 4699 4700 4701 4702 4703
4719 4720 4722 4724 4728 4732 4735 4737 4738 4768 4769 4770 4776 4778 4779 4780
4797 4798 4799 4800 4826 4904 4905 4907 4946 4948 4956 4957 4985 5 50036 50037
50103 50104 50105 50106 5058 5059 5061 51046 51047 51057 5140 5145 521 5379 5381 55
5615 5617 5973 6 6000 6005 6006 6009 6013 6041 6281 63 6416 650 651 653 654 656 657
658 659 663 6946 6952 7000 7001 7002 7009 7011 7023 7026 7031 7032 7034 7036 7040
7045 77 781 8015 8019 8198 8222 8224 8230 900 9009 902 9027 903 904 916 98 999"
"WinEventLog:Microsoft-Windows-Powershell/Operational",7431,"40961 40962 4100 4103
4104 53504"
WinRegistry,36,
WindowsUpdateLog,3419,
XmlWinEventLog,14601,"1 10016 10120 104 12 16 19 34 35 37 43 44 4616 4624 4627 4634
4648 4660 4663 4664 4670 4673 4674 4688 4689 4698 4699 4702 4776 4798 4946 4948
4957 4985 6013 6416 7040"
"XmlWinEventLog:Microsoft-Windows-Powershell/Operational",62,
"XmlWinEventLog:Microsoft-Windows-Sysmon/Operational",47614,"1 10 11 12 13 15 17 18
22 255 3 4 5 7"
"advsim:atr",24,
"aws:cloudtrail",23715,
"aws:cloudwatch",9938,
"aws:cloudwatch:guardduty",3,
"aws:cloudwatchlogs:vpcflow",142,
"aws:config",2,
"aws:config:rule",70,
"aws:description",1036,
"aws:rds:audit",28785,
"aws:s3:accesslogs",3900,
"bit9:carbonblack:json",54676,
"bro:capture_loss:json",13,
"bro:conn:json",27877,
"bro:dhcp:json",327,
"bro:dns:json",63793,
"bro:files:json",6288,
"bro:http:json",2933,
"bro:known_certs:json",7,
"bro:known_hosts:json",33,
"bro:known_modbus:json",3,
"bro:known_services:json",29,
"bro:modbus:json",1410,
"bro:modbus_register_change:json",100,
"bro:notice:json",3391,
"bro:ntlm:json",16,
"bro:ntp:json",1498,
"bro:pe:json",1,
"bro:rdp:json",37,
"bro:smb_mapping:json",16,
"bro:software:json",13,
"bro:ssl:json",415,
"bro:weird:json",682,
"bro:x509:json",260,
"dragos_alert",1423,
"fgt_event",777,
"fgt_traffic",24016,
"fgt_utm",22312,
"gapps:chrome:api",155,
"gapps:usage:api",2,
mguard,4329,
"ms:aad:audit",110,
"ms:aad:signin",537,
"ms:aad:user",2440,
"ms:o365:reporting:messagetrace",208,
"mscs:azure:audit",2376,
"o365:management:activity",1417,
powershell,5,
stoq,66,
"stream:arp",296077,
"stream:dhcp",1042,
"stream:dns",295708,
"stream:ftp",22,
"stream:http",33797,
"stream:icmp",43438,
"stream:igmp",19576,
"stream:ip",465097,
"stream:ldap",7330,
"stream:smb",114051,
"stream:snmp",317,
"stream:tcp",147039,
"stream:udp",288074,
suricata,33741,
"suricata:fastlog",7383,
"wdtap:alerts",310,
wineventlog,1356,"100 102 103 106 107 108 118 119 129 140 141 142 200 201 202 301
310 314 317 318 319 322 325 332 40961 40962 4103 4104 53504"
xmlwineventlog,413064,"100 1000 1001 1002 1013 102 106 107 110 1116 1117 1150 1151
118 119 129 140 153 200 2000 2002 201 2010 2011 3002 325 329 40961 40962 4100 4103
5000 5001 5004 5007"
