DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
InsertionString5
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
AttestationReview
|
Whom
|
The object name to which the activity was applied.
|
InsertionString1
|
|
Client Computer
|
|
InsertionString14
|
10.0.0.1
|
Request ID
|
|
InsertionString13
|
{E3D89B36-AE99-45D8-85E4-71D7463FEDD1}
|
Object DN
|
|
InsertionString1
|
OU=Setup Operators,DC=research,DC=corp
|
Object Class
|
|
InsertionString2
|
organizationalUnit
|
Object GUID
|
|
InsertionString3
|
{9A60E55F-FB00-477C-B908-826D31AA9DDB}
|
Action
|
|
InsertionString4
|
ACE Removal
|
Trustee
|
|
InsertionString6
|
NT AUTHORITY\Authenticated Users
|
Trustee Type
|
|
InsertionString7
|
Well Known Group
|
Inherited
|
|
InsertionString8
|
No
|
Applied to
|
|
InsertionString9
|
This object only
|
Old Access Type
|
|
InsertionString10
|
List Child Objects, Read %All Properties, List Contents, Read Permissions
|
New Access Type
|
|
InsertionString11
|
<not set>
|
Failure Type
|
|
InsertionString12
|
Access denied
|
Permission
|
|
InsertionString5
|
Permission Allow
|