Previous Topic: Windows Registry Modify ActionNext Topic: Kernel and OS Activity

Common Event GrammarHost Security CategorySignature Violation Activity ClassSuspicious Service/Daemon Activity Action

Suspicious Service/Daemon Activity Action

Suspicious Service/Daemon Activity actions are event information relating to the detection of suspicious daemon or service activity.

Information

Level

Source - User Information

Secondary

Source - Host Information

Secondary

Source - Object Information

Tertiary

Source - Process Information

Tertiary

Source - Group Information

Tertiary

Dest - User Information

Tertiary

Dest - Host Information

Primary

Dest - Object Information

Primary

Dest - Group Information

Tertiary

Agent - Information

Primary

Agent - Host Information

Primary

Event Source - Host Information

Primary

Event Source - Information

Tertiary

Event - Information

Primary

Result - Information

Primary

Result

event_result

event_severity

Success

S

4