Supported Log Types

Log types that can be processed and sent to your security platform

Windows Event Log

| Log type | Status | Supported Event IDs | Event channel |
|---|---|---|---|
| Sysmon | Supported | All event IDs are processed. Extended field mapping for 23 event shapes (schemas). | Microsoft-Windows-Sysmon/Operational |
| Windows Security | Supported | All event IDs are processed. Extended field mapping for 105 event shapes (schemas). | Security |
| Windows System | Supported | All event IDs are processed. Extended field mapping for 73 event shapes (schemas). | System |
| Windows Application | Supported | All event IDs are processed. Extended field mapping for 129 event shapes (schemas). | Application |
| Windows Defender | Supported | All event IDs are processed. Extended field mapping for 8 event shapes (schemas). | Channels whose path contains Defender (e.g. Microsoft-Windows-Windows Defender/Operational) |
| PowerShell | Supported | All event IDs are processed. Extended field mapping for 11 event shapes (schemas). | Channels whose path contains PowerShell (e.g. Microsoft-Windows-PowerShell/Operational) |
| Windows Other | Supported | All event IDs are processed. Extended field mapping for 96 event shapes (schemas). | Any other Windows event channel (classified when no rule above matches) |

See Supported Destinations for where logs can be sent, and How It Works for the processing flow.