Windows Event Log
E695774
Windows Event Log is a centralized logging system in Microsoft Windows that records system, security, and application events for monitoring, troubleshooting, and auditing purposes.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Event Viewer | 2 |
Statements (50)
| Predicate | Object |
|---|---|
| instanceOf | Windows component, logging system |
| accessibleVia | Event Viewer, PowerShell, Windows API, wevtutil |
| configuredBy | Group Policy, Local Security Policy |
| developer | Microsoft |
| hasComponent | Application log, ForwardedEvents log, Security log, Setup log, System log |
| introducedIn | Windows NT 3.1 |
| monitoredBy | Security Information and Event Management systems, endpoint detection and response tools |
| operatingSystem | Windows (surface form: Microsoft Windows) |
| purpose | event logging, security auditing, system monitoring, troubleshooting |
| records | application events, forwarded events, security events, setup events, system events |
| relatedTo | Syslog (via forwarding or agents), Windows Error Reporting, Windows Management Instrumentation |
| storesDataIn | EVT files, EVTX files |
| supports | XML event representation, custom logs, event IDs, event categories, event channels, event levels, event logs rotation, event sources, event subscriptions, log archiving, remote event collection, structured event data |
| supportsVersion | Windows Event Log API (Vista and later), classic event log API |
| usedFor | compliance reporting, forensics, incident response, performance analysis |
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.
this entity surface form:
Event Viewer
this entity surface form:
Event Viewer