|
gptkbp:instanceOf
|
gptkb:system_log
|
|
gptkbp:accessibleBy
|
gptkb:Event_Viewer
|
|
gptkbp:canBeAccessedProgrammaticallyBy
|
gptkb:WMI
gptkb:wevtutil
gptkb:PowerShell
gptkb:Windows_API
|
|
gptkbp:canBeArchivedBy
|
administrators
|
|
gptkbp:canBeBackedUpBy
|
administrators
|
|
gptkbp:canBeFilteredBy
|
gptkb:digital_media
gptkb:time_zone
source
log level
event ID
|
|
gptkbp:canBeForwardedTo
|
SIEM systems
Windows Event Collector
|
|
gptkbp:contains
|
system events
security events
application events
forwarded events
setup events
|
|
gptkbp:corruptedBy
|
disk errors
|
|
gptkbp:developedBy
|
gptkb:Microsoft
|
|
gptkbp:exportedTo
|
gptkb:TXT
XML
CSV
|
|
gptkbp:fileExtension
|
.evtx
|
|
gptkbp:introducedIn
|
gptkb:Windows_NT
|
|
gptkbp:location
|
%SystemRoot%\System32\winevt\Logs
|
|
gptkbp:logLevelsInclude
|
gptkb:museum
gptkb:Error
Warning
Critical
Verbose
|
|
gptkbp:numberOfLocations
|
event records
|
|
gptkbp:predecessor
|
Event Log (Windows 9x)
|
|
gptkbp:removes
|
administrators
|
|
gptkbp:securityLogIsProtectedBy
|
access control
|
|
gptkbp:supports
|
event log retention policies
event subscriptions
custom event logs
log size limits
remote event collection
|
|
gptkbp:usedFor
|
compliance reporting
troubleshooting
security auditing
system monitoring
|
|
gptkbp:usedIn
|
gptkb:Microsoft_Windows
|
|
gptkbp:bfsParent
|
gptkb:ArcSight_SmartConnectors
|
|
gptkbp:bfsLayer
|
7
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Windows Event Logs
|