| q-4656 |
microsoft-evsecurity-kv-handle-request-4656-1 |
| q-4662 |
microsoft-evsecurity-kv-ds-object-move-success-4662 |
| q-4697 |
microsoft-evsecurity-kv-service-create-success-4697-1 |
| q-4698 |
"microsoft-evsecurity-xml-scheduled-task-create-success-4698-2 |
| q-4800 |
microsoft-evsecurity-kv-endpoint-lock-success-4800-3 |
| q-4801 |
microsoft-evsecurity-kv-endpoint-unlock-success-4801-3 |
| q-5156 |
microsoft-evsecurity-kv-network-session-success-5156 |
| q-5158 |
microsoft-evsecurity-kv-network-session-success-5158 |
| q-6272 |
microsoft-evnps-kv-endpoint-login-success-6272 |
| q-6273 |
microsoft-evnps-kv-radius-traffic-fail-6273 |
| q-628 |
microsoft-evsecurity-kv-user-password-reset-success-628 |
| q-672 |
microsoft-evsecurity-kv-endpoint-672 |
| q-673 |
microsoft-evsecurity-kv-endpoint-login-673 |
| q-675 |
microsoft-evsecurity-kv-endpoint-login-fail-675-3 |
| q-680 |
microsoft-evsecurity-kv-endpoint-login-680-3 |
| q-adfs-auth-failed |
microsoft-evsecurity-mix-endpoint-login-fail-1203 |
| q-adfs-auth-failed-1 |
microsoft-evsecurity-mix-endpoint-login-fail-1201 |
| q-adfs-auth-failed-2 |
microsoft-evsecurity-kv-endpoint-login-fail-411-1 |
| q-adfs-auth-successful |
microsoft-windows-mix-endpoint-login-success-1202 |
| q-adfs-auth-successful-1 |
microsoft-evsecurity-mix-endpoint-login-success-1200 |
| q-aruba-failed-nac-logon |
hp-arubacpm-kv-radius-traffic-fail-authfailed-2 |
| q-aruba-failed-nac-logon-1 |
hp-arubacpm-kv-radius-traffic-fail-authfailed |
| q-aruba-nac-logon-1 |
hp-arubacpm-kv-endpoint-login-success-logguestaccess |
| q-aruba-nac-logon-2 |
hp-arubacpm-kv-endpoint-login-success-loggedinuser |
| q-aruba-nac-logon-3 |
hp-arubacpm-kv-radius-traffic-success-radiusaccounting |
| q-aruba-nac-logon-4 |
hp-arubacpm-kv-radius-traffic-success-session |
| q-aruba-nac-logon-5 |
hp-arubacpm-kv-radius-traffic-success-loggedinusers |
| q-aruba-nac-logon-6 |
hp-arubacpm-kv-radius-traffic-success-guest |
| q-aruba-nac-logon-7 |
hp-arubacpm-kv-endpoint-login-success-authenticated |
| q-asa-6-113039-vpn-start |
cisco-asa-str-vpn-login-success-113039 |
| q-asa-722037-vpn-end |
cisco-asa-str-vpn-logout-success-722037 |
| q-beyondtrust-process-created |
beyondtrust-powerbroker-str-process-create-success-messageforwarded |
| q-bit9-epp-alert |
vmware-carbonblackappctrl-leef-alert-trigger-success-parity |
| q-box-app-activity |
box-ccm-json-file-activity-success-event |
| q-ccure-badge-access |
"tyco-ccure-xml-physical-location-access-fail-xmlmessage |
| q-checkpoint-alert |
checkpoint-es-kv-alert-trigger-success-protection |
| q-cisco-acs-nac-logon |
cisco-ise-kv-radius-traffic-success-cscoacspassedauth |
| q-cisco-dns-response |
cisco-umbrella-json-dns-response-success-identities |
| q-crowdstrike-process-alert-1 |
crowdstrike-falcon-leef-alert-trigger-success-md5 |
| q-dlp-alert |
symantec-dlp-leef-alert-email-modified |
| q-duo-app-activity-1 |
cisco-duo-kv-app-activity-success-sendenrollcode |
| q-duo-app-activity-2 |
cisco-duo-json-app-activity-success-usercreate-1 |
| q-duo-app-activity-3 |
cisco-duo-json-app-activity-success-phoneupdate |
| q-duo-app-activity-4 |
cisco-duo-json-app-activity-success-userpending |
| q-duo-app-activity-5 |
cisco-duo-kv-app-activity-success-userupdate |
| q-duo-app-login |
cisco-duo-kv-app-login-success-adminlogin |
| q-duo-auth-failed |
cisco-duo-kv-endpoint-authentication-fail-failure |
| q-duo-auth-successful |
cisco-duo-kv-endpoint-authentication-success-success |
| q-duo-failed-app-login |
cisco-duo-kv-app-login-fail-adminloginerror |
| q-exchange-dlp-email-in |
microsoft-exchange-kv-email-receive-deliver |
| q-exchange-dlp-email-in-1 |
microsoft-exchange-kv-email-receive-incoming |
| q-exchange-dlp-email-in-2 |
microsoft-exchange-kv-email-receive-success-smtp |
| q-exchange-dlp-email-in-3 |
microsoft-exchange-kv-email-receive-fail-incoming |
| q-exchange-dlp-email-in-4 |
microsoft-exchange-kv-email-receive-success-redirect |
| q-exchange-dlp-email-in-5 |
microsoft-exchange-kv-email-receive-success-send |
| q-exchange-dlp-email-out |
microsoft-exchange-kv-email-send-originating |
| q-exchange-dlp-email-out-1 |
microsoft-exchange-kv-email-send-originating-1 |
| q-exchange-dlp-email-out-2 |
microsoft-exchange-kv-email-send-fail-sendfailed |
| q-exchange-dlp-email-out-3 |
microsoft-exchange-kv-email-send-success-deliver |
| q-exchange-dlp-email-out-4 |
microsoft-exchange-kv-email-send-fail-sendfailed-1 |
| q-exchange-dlp-email-out-5 |
microsoft-exchange-kv-email-send-success-send |
| q-failed-app-login |
microsoft-exchange-kv-app-login-success-401 |
| q-fireeye-mps |
fireeye-networksecurity-leef-alert-trigger-success-fireeyemps |
| q-firesight-alert |
cisco-fp-kv-alert-trigger-success-ipsimpact |
| q-firesight-alert-2 |
cisco-fp-kv-alert-trigger-success-intrusionevent |
| q-firesight-alert-3 |
cisco-fp-kv-alert-trigger-success-filemalwareevent |
| q-firesight-alert-4 |
cisco-fp-kv-alert-trigger-success-intrusioneventrecordipv4 |
| q-gemalto-auth-attempt |
thalesgroup-gmfa-str-app-authentication-success-challenge |
| q-gemalto-auth-failed |
thalesgroup-gmfa-str-endpoint-login-fail-authfailure |
| q-gemalto-auth-success |
thalesgroup-gmfa-str-endpoint-login-success-authsuccess |
| q-ibm-network-alert |
ibm-pnips-leef-alert-trigger-success-attack |
| q-ibm-system-info |
ibm-pnips-leef-app-activity-audit |
| q-imperva-proxy |
imperva-incapsula-leef-http-request-incapsula |
| q-kiteworks-app-activity |
accellion-kw-kv-app-activity-success-userprofile |
| q-kiteworks-app-activity-1 |
accellion-kw-kv-app-activity-success-userdeleted |
| q-kiteworks-app-activity-2 |
accellion-kw-kv-app-activity-success-requestedafile |
| q-kiteworks-app-activity-3 |
accellion-kw-kv-app-activity-success-viewedemailsubject |
| q-kiteworks-app-activity-4 |
accellion-kw-kv-app-activity-success-draftchanged |
| q-kiteworks-app-activity-5 |
accellion-kw-kv-app-activity-success-createddraft |
| q-kiteworks-app-login |
accellion-kw-str-app-login-success-sessionstarted |
| q-kiteworks-app-login-1 |
accellion-kw-mix-app-login-success-loggedin |
| q-kiteworks-email-out |
accellion-kw-kv-email-send-success-withfiles |
| q-kiteworks-email-out-1 |
accellion-kw-kv-email-send-success-draftcreated |
| q-kiteworks-file-delete |
accellion-kw-kv-file-delete-success-deletedfolder |
| q-kiteworks-file-download |
accellion-kw-kv-file-download-success-downloadedfile |
| q-kiteworks-file-download-1 |
accellion-kw-kv-file-download-success-downloadedarchive |
| q-kiteworks-file-download-2 |
accellion-kw-kv-file-download-success-downloaded |
| q-kiteworks-file-permission-change |
accellion-kw-kv-file-permission-modify-success-addednewpermission |
| q-kiteworks-file-read |
accellion-kw-kv-file-read-success-viewedfile |
| q-kiteworks-file-read-1 |
accellion-kw-kv-file-read-success-viewfile |
| q-kiteworks-file-upload |
accellion-kw-kv-file-upload-success-uploadedfile |
| q-kiteworks-file-upload-1 |
accellion-kw-kv-file-upload-success-uploadedfile1 |
| q-kiteworks-file-write |
accellion-kw-kv-file-write-success-createdfolder |
| q-kiteworks-password-change |
accellion-kiteworks-kv-user-password-modify-success-updatedpassword |
| q-ldap-auth-attempt |
sunone-s-kv-endpoint-authentication-bind |
| q-ldap-auth-attempt-1 |
sunone-s-json-endpoint-authentication-ldapbind |
| q-ldap-auth-attempt-2 |
sunone-s-json-endpoint-authentication-success-message |
| q-leef-ds-account-disabled |
stealthbits-s-leef-user-disable-success-accountdisabled |
| q-leef-ds-account-enabled |
stealthbits-s-leef-user-enable-success-accountenable |
| q-leef-ds-member-added |
stealthbits-s-leef-group-member-add-success-memberadded |
| q-leef-ds-member-removed |
stealthbits-s-leef-group-member-remove-success-memberremoved |
| q-leef-ds-object-modification |
stealthbits-s-leef-ds-object-activity-attrnewvalue |
| q-leef-invincea-alert |
sophos-invincea-leef-alert-trigger-success-kiwisyslogserver |
| q-leef-securesphere-db-login |
imperva-securesphere-leef-database-login-success-valid |
| q-leef-securesphere-db-query |
imperva-securesphere-leef-database-query-success-query |
| q-lenel-badge-access |
lenel-og-kv-physical-location-access-success-accessgranted-1 |
| q-lenel-badge-access-1 |
lenel-og-kv-physical-location-access-accessgranted-2 |
| q-mcafee-epo-alert |
mcafee-es-kv-alert-trigger-success-threatcategory |
| q-mcafee-epo-dlp-alert |
mcafee-dlp-kv-alert-trigger-success-mailfilter |
| q-member-added-2008 |
microsoft-evsecurity-kv-group-member-add-success-memberadd |
| q-member-removed-2003 |
microsoft-evsecurity-kv-group-member-remove-success-groupmemberremoved-1 |
| q-member-removed-2008 |
microsoft-evsecurity-str-group-member-remove-success-memberwasremoved |
| q-microsoft-4648 |
microsoft-evsecurity-kv-user-switch-success-4648-2 |
| q-microsoft-4719 |
microsoft-evsecurity-kv-audit-policy-modify-success-4719-2 |
| q-microsoft-4740 |
microsoft-evsecurity-kv-user-lock-success-4740-1 |
| q-microsoft-dhcp |
microsoft-windows-kv-dhcp-session-success-assign |
| q-microsoft-dhcp-renew |
microsoft-windows-kv-dhcp-session-success-renew |
| q-microsoft-dhcp-update |
microsoft-windows-kv-dhcp-session-success-dnsupdate |
| q-microsoft-print-activity |
microsoft-evprintservice-kv-printer-activity-success-1 |
| q-o365-dlp-email |
microsoft-o365-kv-email-quarantined |
| q-o365-sharepoint-activity |
microsoft-o365-json-file-success-workload |
| q-o365-siem-security-alert |
microsoft-mcas-cef-alert-trigger-success-siemagent |
| q-oam-app-activity-10 |
oracle-oam-kv-app-activity-success-plugininvocationstart |
| q-oam-app-activity-11 |
oracle-oam-kv-app-activity-success-sessioncreation |
| q-oam-app-activity-12 |
oracle-oam-kv-app-activity-success-sessiondestroy |
| q-oam-app-activity-2 |
oracle-oam-kv-app-activity-success-authenticationattemp |
| q-oam-app-activity-3 |
oracle-oam-kv-app-activity-success-authorization |
| q-oam-app-activity-4 |
oracle-oam-kv-app-activity-success-credentialchallenge |
| q-oam-app-activity-5 |
oracle-oam-kv-app-activity-success-credentialsubmit |
| q-oam-app-activity-6 |
oracle-oam-kv-app-activity-success-credentialvalidation |
| q-oam-app-activity-7 |
oracle-oam-kv-app-activity-success-plugininvocationcomplete |
| q-oam-app-activity-8 |
oracle-oam-kv-app-activity-success-plugininvocationpause |
| q-oam-app-activity-9 |
oracle-oam-kv-app-activity-success-plugininvocationresume |
| q-oam-app-login |
oracle-am-kv-app-login-success-login |
| q-oam-auth-successful |
oracle-am-kv-endpoint-authentication-success-auth |
| q-oam-logout |
oam-am-kv-app-logout-success-logout |
| q-okta-app-activity |
okta-amfa-csv-app-login-success-securitycontext |
| q-okta-app-login |
okta-amfa-json-app-login-success-signinsuccessful |
| q-okta-app-login-1 |
okta-amfa-json-app-login-success-radiusagent |
| q-okta-app-login-2 |
okta-amfa-json-app-login-success-activedirectory |
| q-okta-app-login-3 |
okta-amfa-json-app-login-success-signin |
| q-okta-app-login-4 |
okta-amfa-json-app-login-success-singlesignon |
| q-okta-app-login-5 |
okta-amfa-json-app-login-success-iwaauthentication |
| q-okta-app-login-6 |
okta-amfa-json-app-login-success-evaluatesignon |
| q-okta-app-logout |
okta-mfa-json-app-logout-success-published |
| q-okta-failed-app-login |
okta-amfa-json-app-login-fail-signinfailed-1 |
| q-okta-failed-app-login-1 |
okta-amfa-json-app-login-fail-signin |
| q-okta-failed-app-login-2 |
okta-amfa-mix-app-login-fail-activedirectory |
| q-oracle-db-login |
oracle-db-kv-database-login-fail-user |
| q-oracle-db-query |
oracle-db-mix-database-query-success-audit |
| q-pan-leef-alert |
pan-wildfire-leef-alert-trigger-success-threat |
| q-pan-vpn-setip |
pan-gp-leef-vpn-login-success-clientconfigurationgenerated |
| q-pan-vpn-start |
pan-gp-leef-vpn-login-success-gatewayuser |
| q-physical-badge-access |
datawatchsystems-datawatch-str-physical_location-access-badgeaccess |
| q-process-alert-carbonblack |
vmware-carbonblackedr-leef-alert-trigger-success-watchlist |
| q-process-alert-carbonblack-1 |
vmware-carbonblackedr-leef-alert-trigger-success-feed |
| q-proofpoint-email |
proofpoint-tappod-leef-email-externaluser |
| q-prowatch-badge-access |
honeywell-pw-kv-physical-location-access-success-location |
| q-qip-dhcp |
nokia-vqip-kv-dhcp-session-success-dhcpsession |
| q-quest-directory-access |
questsoftware-caad-leef-ds-object-activity-changeauditor |
| q-safenet-auth-attempt |
safenet-thales-cef-app-authentication-auth |
| q-sendmail-dlp-email-alert |
unix-sm-kv-email-receive-success-sentemail |
| q-snort-alert |
snort-s-str-alert-trigger-success-potentiallyvulnerable |
| q-snort-alert-1 |
snort-s-cef-alert-trigger-success-classification |
| q-symantec-dlp-alert |
symantec-dlp-kv-email-send-incident-1 |
| q-symantec-dlp-alert-1 |
symantec-dlp-leef-alert-trigger-success-corporatenetwork |
| q-symantec-dlp-email-out |
symantec-dlp-leef-email-send-success-corporatenetwork |
| q-symantec-system-info |
symantec-endpointprotection-kv-app-notification-eventdescription |
| q-symantec-system-info-1 |
symantec-endpointprotection-json-app-activity-appactivity |
| q-symantec-system-info-2 |
symantec-endpointprotection-json-app-activity-appactivity-1 |
| q-symantec-system-info-3 |
symantec-endpointprotection-kv-app-activity-symantecserver |
| q-tippingpoint-sms-alert |
trendmicro-tippingpoint-str-alert-trigger-success-tcp-1 |
| q-tippingpoint-sms-alert-1 |
trendmicro-tippingpoint-str-alert-trigger-success-http |
| q-tippingpoint-sms-alert-2 |
trendmicro-tippingpoint-str-alert-trigger-success-ip |
| q-tippingpoint-sms-alert-3 |
trendmicro-tippingpoint-str-alert-trigger-success-udp |
| q-tippingpoint-sms-alert-4 |
trendmicro-tippingpoint-str-alert-trigger-success-smb |
| q-tippingpoint-sms-alert-5 |
trendmicro-tippingpoint-str-alert-trigger-success-icmp |
| q-trendmicro-dlp-alert |
trendmicro-officescan-kv-alert-trigger-success-transmissiondetected |
| q-trendmicro-epp-alert |
trendmicro-officescan-str-alert-trigger-success-virus |
| q-trendmicro-syslog-alert |
trendmicro-officescan-str-alert-trigger-success-officescan |
| q-unix-as |
unix-unix-mix-user-switch-success-sshdsession |
| q-unix-audispd-logon |
unix-unix-kv-ssh-traffic-audispd |
| q-unix-dhcp-1 |
unix-dhcpd-csv-dhcp-session-success-dhcpdrenewed |
| q-varonis-file-activity |
varonis-dsp-leef-file-success-datadvantage |
| q-vontu-dlp-alert |
symantec-dlp-kv-email-send-vontu |
| q-winpak-badge-access |
honeywell-wp-kv-physical-location-access-success-accessgranted |
| q-wsa-proxy |
cisco-securewebapp-csv-http-session-qradarlogging |
| q-xgs-network-alert |
ibm-qns-leef-alert-trigger-success-isnp |
| q-zscaler-web-activity |
zscaler-ia-leef-http-session-nss |
| qualys-security-alert |
qualys-q-kv-alert-trigger-success-scan |
| quest-account-locked |
questsoftware-caad-str-user-lock-success-changeauditor |
| quest-account-unlocked |
questsoftware-caad-str-user-unlock-success-changeauditor |
| quest-change-account-enabled |
questsoftware-caad-cef-user-unlock-success-auditor |
| quest-change-account-enabled-1 |
questsoftware-caad-cef-endpoint-enable-auditor |
| quest-change-account-lockout |
questsoftware-caad-cef-user-lock-success-auditor |
| quest-change-account-password-change |
questsoftware-caad-cef-user-password-modify-success-pwdchanged |
| quest-change-audit-file-create |
questsoftware-caad-json-file-write-success-addobject |
| quest-change-audit-file-delete |
questsoftware-caad-json-file-delete-success-deleteobject |
| quest-change-audit-file-move |
questsoftware-caad-json-file-write-success-moveobject |
| quest-change-audit-file-open |
questsoftware-caad-json-file-read-success-opened |
| quest-change-audit-file-rename |
questsoftware-caad-json-file-write-success-renameobject |
| quest-change-audit-file-write |
questsoftware-caad-json-file-write-success-filecontentwritten |
| quest-change-local-logon |
questsoftware-caad-cef-endpoint-login-success-interactively |
| quest-change-logout |
questsoftware-caad-cef-endpoint-login-sessionended |
| quest-change-member-added |
questsoftware-caad-cef-group-member-add-success-nestedmemberadd |
| quest-change-member-added-1 |
questsoftware-caad-cef-group-member-add-success-memberadd |
| quest-change-member-added-2 |
questsoftware-caad-cef-group-member-add-success-usermemberadd |
| quest-change-member-removed-1 |
questsoftware-caad-cef-group-member-remove-success-memberremove |
| quest-change-member-removed-2 |
questsoftware-caad-cef-group-member-remove-success-nestedmemberremove |
| quest-change-member-removed-3 |
questsoftware-caad-cef-group-member-remove-success-usermemberremove |
| quest-change-remote-logon |
questsoftware-caad-cef-endpoint-login-success-remoteinteractively |
| quest-change-system-info |
questsoftware-caad-cef-app-activity-appactivity |
| quest-member-added |
questsoftware-caad-str-group-member-add-success-memberaddedtouser |
| quest-member-added-1 |
questsoftware-caad-str-group-member-add-success-memberaddedtogroup |
| quest-member-removed |
questsoftware-caad-str-group-member-remove-success-memberremoved |
| quest-member-removed-1 |
questsoftware-caad-str-group-member-remove-success-usermemberremoved |
| quest-password-changed |
questsoftware-caad-str-user-password-modify-success-userpwdchanged |
| quest-password-changed-1 |
questsoftware-caad-str-user-password-modify-success-userpwdchanged-1 |
| qush-reveal-dlp-alert |
qush-r-json-alert-trigger-success-datatracking |
| qush-reveal-file-upload |
qush-r-json-file-upload-success-video |
| qush-reveal-file-upload-1 |
qush-r-json-file-upload-success-dataupload |
| qush-reveal-file-write |
qush-r-json-file-write-success-filecopy |
| qush-reveal-file-write-1 |
qush-r-json-file-write-success-datacompression |
| qush-reveal-nac-logon |
qush-r-json-radius-traffic-success-wifi |
| qush-reveal-print-activity |
qush-r-json-printer-activity-success-riskybehavior |
| qush-reveal-remote-logon |
qush-r-json-endpoint-login-success-insiderrisk |
| qush-reveal-usb-insert |
qush-r-json-peripheral_storage-insert-success-usb |
| qush-reveal-web-activity |
qush-r-json-http-session-success-riskybehavior |
| qush-reveal-web-activity-1 |
qush-r-json-http-session-success-flightrisk |