Events sent by Endpoint Agent
Endpoint Agent applications send information about the following events to OSMP:
- Process
- File Create
- File Modify
- File Rename
- File Read
- File Delete
- File Attributes Modify
- File Creation Time Modify
- File Hardlink Created
- File Symlink Created
- Module
- Registry Create
- Registry Delete
- Registry Modify
- Registry Rename
- Registry Query
- Registry Save
- Connection
- Port Listen
- AMSI Scan
- Process Console Input
- Driver
- Process Interpreted File Run
- DNS
- Pipe Create
- Pipe Connect
- LDAP
- WMI Activity
- WMI Consumer Registered
- Code Injection
- Process Access
- Threat Detect
- Threat Detect Processing Result
- Linux Event Log
- Windows Event Log
- Blocked Document
- Applock
- Process Terminated
- Device
- File System Mount
- File System Unmount
- Bits Job Create
- Bits Job Complete
- Bits Job Start
- Bits Job Stop
- Bits Job Add File
- Bits Job Error
- Service Create
- Service Modify
- Service Delete
- Scheduled Task Create
- Scheduled Task Modify
- Scheduled Task Delete
- File Owner Change
- File ACL Change
- Registry Owner Change
- Registry ACL Change
- Executable Memory Mapped
- Agent Start
- Agent Stop
- Agent Install
- Agent Uninstall
- Agent Action
- System Startup
- System Shutdown