|
イベントID
|
イベントの種類
|
eventSubId |
イベントサブタイプ
|
|
1
|
TELEMETRY_PROCESS
|
1
|
TELEMETRY_PROCESS_OPEN
|
|
2
|
TELEMETRY_PROCESS_CREATE
|
||
|
3
|
TELEMETRY_PROCESS_TERMINATE
|
||
|
4
|
TELEMETRY_PROCESS_LOAD_IMAGE
|
||
|
5
|
TELEMETRY_PROCESS_EXECUTE
|
||
|
6
|
TELEMETRY_PROCESS_CONNECT
|
||
|
7
|
TELEMETRY_PROCESS_TRACME
|
||
|
8
|
TELEMETRY_PROCESS_LOAD_KERNEL_IMAGE
|
||
|
2
|
TELEMETRY_FILE
|
101
|
TELEMETRY_FILE_CREATE
|
|
102
|
TELEMETRY_FILE_OPEN
|
||
|
103
|
TELEMETRY_FILE_DELETE
|
||
|
104
|
TELEMETRY_FILE_SET_SECURITY
|
||
|
105
|
TELEMETRY_FILE_COPY
|
||
|
106
|
TELEMETRY_FILE_MOVE
|
||
|
107
|
TELEMETRY_FILE_CLOSE
|
||
|
108
|
TELEMETRY_FILE_MODIFY_TIMESTAMP
|
||
|
109
|
TELEMETRY_FILE_MODIFY
|
||
|
110
|
TELEMETRY_FILE_SET_ATTRIBUTES
|
||
|
111
|
TELEMETRY_FILE_ENUMERATE
|
||
|
3
|
TELEMETRY_CONNECTION
|
201
|
TELEMETRY_CONNECTION_CONNECT
|
|
202
|
TELEMETRY_CONNECTION_LISTEN
|
||
|
203
|
TELEMETRY_CONNECTION_CONNECT_INBOUND
|
||
|
204
|
TELEMETRY_CONNECTION_CONNECT_OUTBOUND
|
||
|
4
|
TELEMETRY_DNS
|
301
|
TELEMETRY_DNS_QUERY
|
|
5
|
TELEMETRY_REGISTRY
|
401
|
TELEMETRY_REGISTRY_CREATE
|
|
402
|
TELEMETRY_REGISTRY_SET
|
||
|
403
|
TELEMETRY_REGISTRY_DELETE
|
||
|
404
|
TELEMETRY_REGISTRY_RENAME
|
||
|
405
|
TELEMETRY_REGISTRY_ENUMERATE
|
||
|
406
|
TELEMETRY_REGISTRY_ENUMERATEVALUE
|
||
|
407
|
TELEMETRY_REGISTRY_QUERYVALUE
|
||
|
408
|
TELEMETRY_REGISTRY_SAVE
|
||
|
6
|
TELEMETRY_ACCOUNT
|
501
|
TELEMETRY_ACCOUNT_ADD
|
|
502
|
TELEMETRY_ACCOUNT_DELETE
|
||
|
503
|
TELEMETRY_ACCOUNT_IMPERSONATE
|
||
|
504
|
TELEMETRY_ACCOUNT_MODIFY
|
||
|
7
|
TELEMETRY_INTERNET
|
601
|
TELEMETRY_INTERNET_OPEN
|
|
602
|
TELEMETRY_INTERNET_CONNECT
|
||
|
603
|
TELEMETRY_INTERNET_DOWNLOAD
|
||
|
8
|
TELEMETRY_MODIFIED_PROCESS
|
701
|
TELEMETRY_MODIFIED_PROCESS_CREATE_REMOTETHREAD
|
|
702
|
TELEMETRY_MODIFIED_PROCESS_WRITE_MEMORY
|
||
|
703
|
TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS
|
||
|
704
|
TELEMETRY_MODIFIED_PROCESS_READ_PROCESS
|
||
|
705
|
TELEMETRY_MODIFIED_PROCESS_WRITE_PROCESS_NAME
|
||
|
9
|
TELEMETRY_WINDOWS_HOOK
|
801
|
TELEMETRY_WINDOWS_HOOK_SET
|
|
10
|
TELEMETRY_WINDOWS_EVENT
|
0
|
TELEMETRY_NONE
|
|
11
|
TELEMETRY_AMSI
|
901
|
TELEMETRY_AMSI_EXECUTE
|
|
12
|
TELEMETRY_WMI
|
-
|
-
|
|
13
|
TELEMETRY_MEMORY
|
1001
|
TELEMETRY_MEMORY_MODIFY
|
|
1002
|
TELEMETRY_MEMORY_MODIFY_PERMISSION
|
||
|
1003
|
TELEMETRY_MEMORY_READ
|
||
|
14
|
TELEMETRY_BM
|
1101
|
TELEMETRY_BM_INVOKE
|
|
1102
|
TELEMETRY_BM_INVOKE_API
|
||
|
17
|
TELEMETRY_EVENT_PIPE
|
1401
|
TELEMETRY_PIPE_CREATE
|
|
1402
|
TELEMETRY_PIPE_CONNECT
|
ビュー: