OSSEM
Windows Security logs, fields mismatch for Object Access
Hello,
In some Windows Security logs concerning Object Access, the field (e.g. 4656) AccessList is translated into user_privilege_list while for others it is object_access_list. Which one is right?
PS: Is opening issues on this repo the right procedure for issues like this? Is there something you would prefer?
Hey @nicolasreich, yes, thank you very much for sharing the feedback, and this is the best way to report those mismatches. As I mentioned in a previous issue, we are reviewing those events and fixing a few of those inconsistencies from an endpoint perspective.