This reference contains information on security-relevant objects and values.
Windows Event-Specific Articles
Information on events we have researched. Often works together with the Event Repository.
Work in Progress
Papers in this section are not finished, but may already provide some value. Please use them at your sole risk – they may be incomplete, inconsistent and even totally wrong.
Comments on these papers are highly appreciated. If you would like to do so, please directly contact the author specified in the paper.
- Spec for a Simple (reliable) Event Logging Protocol (SELP)
[formatted text] [nroff source]
If you would like to contribute, please download the nroff source and apply edits there!
- On the Nature of Syslog Data [March 2004]
- An Algorithm for Baselining Traffic Data [September 2003]
- The Needle in the Haystack – or how to approach log data.
- Windows Event Log Attack Signatures – so far, more or less a think tank.
If you are interested in specific Windows Event IDs, you may find related information at the Network Event Parsing Database.