Microsoft-Windows-Sudo

2 events across 1 channel

Event ID   Title   Channel
1                  Admin
2                  Admin

Event ID 1 —

Provider: Microsoft-Windows-Sudo
Channel: Admin

Message

%8

Fields

Name Description
Application AnsiString
ArgsCount UInt32
Argument AnsiString
CurrentWorkingDirectory AnsiString
Mode UInt32
InheritEnvironment UInt8
Redirected UInt8
FullCommandline AnsiString
RequestID GUID

Event ID 2 —

Provider: Microsoft-Windows-Sudo
Channel: Admin

Message

%8

Fields

Name Description
Application AnsiString
ArgsCount UInt32
Argument AnsiString
CurrentWorkingDirectory AnsiString
Mode UInt32
InheritEnvironment UInt8
Redirected UInt8
FullCommandline AnsiString
RequestID GUID