When
|
At what date and time a user activity originated in the system.
|
DateTime
|
10.10.2000 19:00:00
|
Who
|
Account or user name under which the activity occured.
|
Subject: Account Name
|
dtang
|
What
|
The type of activity occurred (e.g. Logon, Password Changed, etc.)
|
"Network share accessed"
|
Network share accessed
|
Where
|
The name of the workstation/server where the activity was logged.
|
Computer
|
DC1
|
Where From
|
The name of the workstation/server where the activity was initiated from.
|
Network Information: Source Address
|
10.154.14.44
|
Severity
|
Specify the seriousness of the event.
|
-
|
High
|
WhoDomain
|
|
Subject: Account Domain
|
PROD
|
WhereDomain
|
|
-
|
|
Result
|
Successful or Failed
|
-
|
|
Object Name
|
|
Object Name
|
\\*\InTrustRepository
|
Object Type
|
|
"File Share"
|
File Share
|
Whom
|
|
InsertionString8
|
\\*\InTrustRepository
|
Security ID
|
|
Subject: Security ID
|
PROD\dtang
|
Account Name
|
|
InsertionString2
|
dtang
|
Access Mask
|
|
Access Request Information: Access Mask
|
0x1
|
Accesses
|
|
Access Request Information: Accesses
|
ReadData (or ListDirectory)
|
Share Name
|
|
InsertionString8
|
\\*\InTrustRepository
|
Share Path
|
|
Share Information: Share Path
|
\??\C:\Program Files (x86)\Quest\InTrust\Server\InTrust\Repositories
|
Source Address
|
|
InsertionString6
|
10.154.14.44
|
Source Port
|
|
Network Information: Source Port
|
47799
|