|
gptkbp:instanceOf
|
System component
|
|
gptkbp:accessibleBy
|
gptkb:PowerShell
gptkb:Event_Viewer
Third-party tools
Log Parser
Wevtutil
|
|
gptkbp:canBeCleared
|
Yes
|
|
gptkbp:canBeFilteredBy
|
Yes
|
|
gptkbp:canBeForwarded
|
Yes
|
|
gptkbp:contains
|
gptkb:personal_computer
gptkb:video_game
gptkb:Source
Message
User
Keywords
Task
Event ID
OpCode
TimeCreated
|
|
gptkbp:developedBy
|
gptkb:Microsoft
|
|
gptkbp:exportedTo
|
Yes
|
|
gptkbp:features
|
Access control
Audit logging
|
|
gptkbp:fileExtension
|
.evtx
|
|
gptkbp:format
|
gptkb:EVTX
gptkb:EVT
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Windows event logs
|
|
gptkbp:introducedIn
|
gptkb:Windows_NT
|
|
gptkbp:location
|
%SystemRoot%\\System32\\winevt\\Logs
|
|
gptkbp:numberOfLocations
|
Application events
System events
Security events
|
|
gptkbp:purpose
|
Event logging
|
|
gptkbp:relatedTo
|
gptkb:Windows_Error_Reporting
gptkb:Group_Policy
gptkb:Windows_PowerShell
gptkb:Task_Scheduler
gptkb:Windows_Management_Instrumentation
|
|
gptkbp:supports
|
gptkb:Event_Tracing_for_Windows_(ETW)
Event subscriptions
Custom event logs
Remote event collection
|
|
gptkbp:type
|
gptkb:software
Security
Application
Forwarded Events
Setup
|
|
gptkbp:usedFor
|
Troubleshooting
System monitoring
Compliance monitoring
Security auditing
|
|
gptkbp:usedIn
|
gptkb:Microsoft_Windows
|
|
gptkbp:bfsParent
|
gptkb:KAPE
gptkb:Python_(with_pywin32)
gptkb:NetWitness_Log_Decoder
gptkb:Log360
|
|
gptkbp:bfsLayer
|
8
|