metasploit-gs/data/exploits/manageengine_xnode/CVE-2020-11532/adaudit_plus_xnode_conf.yaml
---
# AdapFileAuditLog: field selection for file-audit records.
# Convention used throughout this file: an uncommented "- NAME" line is an
# active list item; a "# - NAME" line is a YAML comment and is not part of
# the parsed list, so it works as a disabled toggle for that field.
# NOTE(review): presumably the key is an ADAudit Plus Xnode data repository
# name and the list is the set of fields the consumer of this file requests
# from it (the file sits under the CVE-2020-11532 data directory) - confirm
# against the code that loads it.
# The active entries are identity and directory attributes (account names,
# SIDs, GUIDs, DN, OU, department, manager, domain, share name) plus the
# record id and timestamp. Per-event detail (object/file names, permissions,
# process data) is disabled. Treat any output built from these fields as
# sensitive directory data.
AdapFileAuditLog:
- UNIQUE_ID
# - MONITOR_ID
# - EVENT_NUMBER
- TIME_GENERATED
# - EVENT_TYPE
# - EVENT_TYPE_TEXT
- SOURCE
# - REMARKS
# - OBJECT_SERVER
# - OBJECT_TYPE
# - HANDLE_ID
# - OBJECT_NAME
# - UNC_NAME
# - FILE_NAME
# - FILE_LOCATION
# - LOGON_ID
# - OPERATION_ID
- PRIMARY_USER_NAME
- PRIMARY_DOMAIN
- PRIMARY_LOGIN_ID
- CLIENT_USER_NAME
- CLIENT_DOMAIN
- CLIENT_LOGIN_ID
- DOMAIN
# - RESTRICTED_SID_COUNT
# - ACCESSES
# - PROCESS_ID
# - PRIVILEGES_USED
# - PRIVILEGES
# - PROCESS_NAME
# - NEW_SEC_DESC
# - ORIGINAL_SEC_DESC
# - NEW_PERMISSIONS
# - ORIGINAL_PERMISSIONS
# - ACL_CHANGE
# - TRANSACTION_ID
# - ACCESS_MASK
- USERNAME
# - RECORD_NUMBER
- USER_SID
# - ACCESS_TYPE
# - ACCESS_TYPE_TEXT
# - FORMAT_MESSAGE
- USER_SAM_ACCOUNT_NAME
- USER_DISPLAY_NAME
- USER_PRINCIPAL_NAME
- USER_GUID
- USER_DISTINGUISH_NAME
- USER_OU_GUID
- USER_DEPARTMENT
- USER_MANAGER_NAME
- SOURCE_NAME
# - LOG_FILE_NAME
# - KEYWORDS_NAME
# - TASK_CATEGORY_NAME
# - TASK_CATEGORY_ID
# - FILE_TYPE
- SHARE_NAME
# - EXTRA_COLUMN1
# - EXTRA_COLUMN2
# - EXTRA_COLUMN3
# - EXTRA_COLUMN4
# - EXTRA_COLUMN5
# - EXTRA_COLUMN6
# - EXTRA_COLUMN7
# - EXTRA_COLUMN8
# - EXTRA_COLUMN9
# - EXTRA_COLUMN10
- CONFIGURED_DOMAIN_NAME
# - NEW_PRIVILEGES_USED
# AdapPowershellAuditLog: field selection for PowerShell-audit records.
# Uncommented "- NAME" lines are active list items; "# - NAME" lines are YAML
# comments, i.e. fields that are listed but disabled.
# NOTE(review): presumably the key names an Xnode data repository and the
# list is what the consumer of this file requests from it - confirm.
# Only machine, host and caller identity (name, SID) are active. All command
# and script content fields (COMMAND_*, SCRIPT_*) are disabled, and so is
# TIME_GENERATED, so active output for this record type carries no timestamp.
AdapPowershellAuditLog:
- UNIQUE_ID
# - COMMAND_NAME
# - COMMAND_PATH
# - COMMAND_TYPE
# - COMMAND_INVOCATION
- EVENT_MACHINE_NAME
- EVENT_MACHINE_DOMAIN
# - EVENT_CATEGORY
# - EVENT_NUMBER
# - EVENT_TYPE
# - HOST_APPLICATION
- HOST_NAME
# - SCRIPTBLOCK_ID
# - RECORD_NUMBER
# - SCRIPT_NAME
# - SCRIPT_DATA
# - SCRIPT_SNO
# - SEVERITY
# - TIME_GENERATED
- CALLER_USER_NAME
- CALLER_USER_SID
# - TOTAL_NO
# - MONITOR_ID
# - EVENT_TYPE_TEXT
# - FORMAT_MESSAGE
# - SCRIPT_DATA_JSON
# AdapSysmonAuditLog: field selection for Sysmon-audit records.
# Uncommented "- NAME" lines are active list items; "# - NAME" lines are YAML
# comments, i.e. fields that are listed but disabled.
# NOTE(review): presumably the key names an Xnode data repository and the
# list is what the consumer of this file requests from it - confirm.
# Active entries cover caller identity (SID, name, domain, DN, OU, logon
# id/GUID), client and event machine names, source/destination hosts and IP
# addresses, and process / parent-process names. Command lines, hashes,
# signatures, ports and registry detail are disabled. The active set is
# enough to relate users to hosts and network peers, so handle output built
# from it as sensitive.
AdapSysmonAuditLog:
- UNIQUE_ID
# - MONITOR_ID
- TIME_GENERATED
# - RECORD_NUMBER
# - EVENT_NUMBER
# - EVENT_TYPE
# - EVENT_TYPE_TEXT
- EVENT_MACHINE_NAME
- EVENT_MACHINE_DOMAIN
# - REMARKS
# - FORMAT_MESSAGE
- CALLER_USER_SID
- CALLER_USER_NAME
- CALLER_USER_DOMAIN
- CALLER_USER_LOGON_ID
- CLIENT_MACHINE_IPADDRESS
- CLIENT_MACHINE_NAME
- CLIENT_MACHINE_DOMAIN
- CALLER_USER_DN
- CALLER_USER_OU_GUID
- CALLER_USER_DISPLAY_NAME
- PROCESS_NAME
- PARENT_PROCESS_NAME
# - PROCESS_ID
# - FILE_NAME
# - INTEGRITY_LEVEL
# - QUERY_STRING
# - PARENT_PROCESS_ID
# - PARENT_CMD_LINE
# - QUERY_STATUS
# - ACCESS_TYPE_TEXT
# - ACCESS_TIME
# - CREATION_TIME
# - PREVIOUS_CREATION_TIME
# - PROCESS_GUID
# - RULE_NAME
# - LOADED_FILE
# - HASHED_VALUE
# - FOLDER_PATH
# - PARENT_PROCESS_GUID
# - SESSION_ID
# - IS_SIGNED
# - SIGNATURE
# - SIGNATURE_STATUS
# - IS_ARCHIVED
# - THREAD_ID
- SOURCE_IP_ADDRESS
# - PRODUCT_DESCRIPTION
- DESTINATION_IP_ADDRESS
- DESTINATION_HOST_NAME
# - PORT_NUMBER
# - PARENT_PORT_NUMBER
# - REGISTRY_NAME
# - QUERY_RESULT
# - SCHEMA_VERSION
# - WORKING_DIRECTORY
- COMPANY_NAME
- SOURCE_HOST_NAME
- CALLER_USER_LOGON_GUID
# - PARENT_PORT_NAME
# - SERVICE_VERSION
# - FILE_VERSION
# - PRODUCT_NAME
# - PORT_NAME
# AdapDNSAuditLog: field selection for DNS-audit records.
# Uncommented "- NAME" lines are active list items; "# - NAME" lines are YAML
# comments, i.e. fields that are listed but disabled.
# NOTE(review): presumably the key names an Xnode data repository and the
# list is what the consumer of this file requests from it - confirm.
# Active entries cover caller identity (name, domain, SID, GUID, DN, OU),
# client and event machine names, client IP address, DNS server name and
# forest name. DNS query/zone/record content and scavenging statistics are
# disabled.
# Two entries look irregular but are left as found: "DISTINATION_ZONE"
# (spelling as in the source; presumably the product's own column name -
# verify before "correcting" it) and "# # - REGISTRY_VALUE", which has a
# doubled comment marker and stays disabled unless both are removed.
AdapDNSAuditLog:
- UNIQUE_ID
# - MONITOR_ID
# - EVENT_NUMBER
- TIME_GENERATED
# - EVENT_TYPE
# - EVENT_TYPE_TEXT
- EVENT_MACHINE_NAME
- EVENT_MACHINE_DOMAIN
# - REMARKS
# - DNS_SETTING
# - LOOKUP
# - DNS_SCOPE
# - DNS_OBJECT_GUID
# - DISTINATION_ZONE
# - OLD_DIRECTORY_PARTITION
# - USER_ACTION
- CALLER_USER_DOMAIN
- CALLER_USER_NAME
- CLIENT_MACHINE_DOMAIN
- CALLER_USER_LOGON_ID
# - DNS_QUERY_NAME
# - OBJECT_CLASS_TEXT
# - DNS_SETTING_NAME
- DISTINGUISHED_NAME
# - OBJECT_GUID
# - DNS_ZONE_NAME
# # - REGISTRY_VALUE
# - FORMAT_MESSAGE
# - RECORD_NUMBER
- CALLER_USER_SID
# - DNS_SETTING_VALUE
# - CORRELATION_ID
# - ATTRIBUTES_NEW_VALUE
# - ATTRIBUTES_OLD_VALUE
# - TTL_VALUE
# - DNS_MGMT_TYPE
# - DNS_ZONE_TYPE
# - DNS_ZONE_TYPE_STRING
- CALLER_USER_DISPLAY_NAME
- CALLER_USER_DN
- CALLER_USER_OU_GUID
- CALLER_USER_GUID
# - OP_APPLN_CORRELATION_ID
# - OP_TREE_DELETE
# - DIRECTORY_PARTITION
# - ROOT_CAUSE
# - FILE_NAME
# - VIRTUALIZATION_INSTANCE
# - ERROR_CODE_TEXT
# - DNS_RESPONSE_DATA
- DNS_SERVER_NAME
# - LINE_NUMBER
- CLIENT_MACHINE_IPADDRESS
- CLIENT_MACHINE_NAME
# - NEXT_SCAVENGE_SCHEDULE
# - RECORD_NAME
# - RUNNING_TIME
# - TIME_OUT
# - DNS_NODE
# - DNS_ZONE_FILE
- FOREST_NAME
# - SCAVENGED_NODES
# - SCAVENGED_PERC
# - SCAVENGED_RECORDS
# - SERVICE_NAMES
# - SLEEPING_TIME
# - VISITED_NODES
# - VISITED_ZONES
# AdapADReplicationAuditLog: field selection for AD-replication-audit records.
# Uncommented "- NAME" lines are active list items; "# - NAME" lines are YAML
# comments, i.e. fields that are listed but disabled.
# NOTE(review): presumably the key names an Xnode data repository and the
# list is what the consumer of this file requests from it - confirm.
# Active entries cover caller identity (name, domain, SID, GUID, DN, OU,
# logon id), client and event machine names, client IP address, and
# replication topology identifiers (site name, service principal name,
# source directory service name / domain / GUID, registry key). Replication
# state and error detail (USNs, status codes, attribute values) are disabled.
# Site and SPN data describe directory topology, so handle output built from
# these fields as sensitive.
AdapADReplicationAuditLog:
- UNIQUE_ID
# - MONITOR_ID
- TIME_GENERATED
# - RECORD_NUMBER
- EVENT_MACHINE_NAME
- EVENT_MACHINE_DOMAIN
# - EVENT_NUMBER
# - EVENT_TYPE
# - EVENT_TYPE_TEXT
# - FORMAT_MESSAGE
# - REMARKS
- CALLER_USER_DOMAIN
- CALLER_USER_NAME
- CALLER_USER_SID
- CALLER_USER_DN
- CALLER_USER_OU_GUID
- CALLER_USER_DISPLAY_NAME
- CALLER_USER_LOGON_ID
- CALLER_USER_GUID
- CLIENT_MACHINE_IPADDRESS
- CLIENT_MACHINE_NAME
- CLIENT_MACHINE_DOMAIN
# - ALTERNATE_USER_ACTION
# - DIRECTORY_PARTITION
# - ERROR_CODE
# - ERROR_CODE_TEXT
# - EXTENDED_REQUEST_CODE
# - FAILING_DNS_HOST
# - HIGHEST_USN
# - INTERSITE_TRANSPORT
# - LAST_REPLICATION_DATE
# - OBJECT_GUID
# - OBJECT_NAME
# - COMMON_NAME_PATH
# - OPERATION
# - REASON
- REGISTRY_KEY
# - REMOVE_LINGERING_OBJECTS
# - SECONDARY_ERROR_VALUE
- SERVICE_PRINCIPAL_NAME
- SITE_NAME
- SOURCE_DIRECTORY_SERVICE
- SOURCE_DS_DOMAIN_NAME
- SOURCE_DS_GUID
- SOURCE_DS_NAME
- SOURCE_DS_STARTING_ID
# - THREAD_ID
# - TIMEOUT_PERIOD
# - TOMBSTONE_LIFE_TIME
# - TRANSPORT_NAME
# - USER_ACTION
# - ATTRIBUTES_NAME
# - ATTRIBUTES_VALUE
# - SOURCE_DRA
# - DESTINATION_DRA
# - DESTINATION_DS_NAME
# - DRS_OPTIONS
# - REPL_EVENT_COUNT
# - REPL_STATUS_CODE
# - SESSION_ID
# - START_USN
# - END_USN
# - TYPE_OF_CHANGE