
Windows XML event analysis

Hello,

Is there a document describing the structure of the XML event logs generated by Sophos?

I'm referring, mainly, to those highlighted fields:

<?xml version="1.0"?>
<Event xmlns="schemas.microsoft.com/.../event">
<System>
<Provider Name="Sophos Anti-Virus"/>
<EventID Qualifiers="8229">6</EventID>
<Level>3</Level>
<Task>1</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-06-18T08:25:34.000000000Z"/>
<EventRecordID>1361139</EventRecordID>
<Channel>Application</Channel>
<Computer>test01.local.pl</Computer>
<Security UserID="S-1-5-19"/>
</System>
<EventData>
<Data>Mal/Phish-A</Data>
<Data>C:\Users\testit01\AppData\Local\Temp\blob00444030211.tmp\i</Data>
<Data>\\?\C:\Users\testit01\AppData\Local\Temp\blob00444030211.tmp\i</Data>
<Data>Virus/Spyware</Data>
<Data>VEA</Data>
<Data>Ein Threat wurde gesperrt und in Quarant&#xE4;ne verschoben.</Data>
<Data>539295806</Data>
</EventData>
</Event>


thanks in advance,

Fausto
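An added example, not from the original post or from Sophos, that parses an event of this shape with Python's ElementTree: it assumes the full Windows event schema namespace (the post shows it truncated) and keeps the <Data> values as a positional list, since the event itself gives them no names.

```python
import xml.etree.ElementTree as ET

# Windows Event Log schema namespace; the post shows it truncated as ".../event".
EVENT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVENT_NS}

# Constructed sample modelled on the event in the post (host, SID and paths are the post's).
SAMPLE_EVENT = r"""<?xml version="1.0"?>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Sophos Anti-Virus"/>
<EventID Qualifiers="8229">6</EventID>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2019-06-18T08:25:34.000000000Z"/>
<EventRecordID>1361139</EventRecordID>
<Channel>Application</Channel>
<Computer>test01.local.pl</Computer>
<Security UserID="S-1-5-19"/>
</System>
<EventData>
<Data>Mal/Phish-A</Data>
<Data>C:\Users\testit01\AppData\Local\Temp\blob00444030211.tmp\i</Data>
<Data>\\?\C:\Users\testit01\AppData\Local\Temp\blob00444030211.tmp\i</Data>
<Data>Virus/Spyware</Data>
<Data>VEA</Data>
<Data>Ein Threat wurde gesperrt und in Quarant&#xE4;ne verschoben.</Data>
<Data>539295806</Data>
</EventData>
</Event>"""


def parse_event(xml_text):
    """Return the <System> header fields plus the positional <EventData> strings."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{EVENT_NS}}}Event":
        raise ValueError("not a Windows event XML document")
    sys_ = root.find("e:System", NS)
    event_id = sys_.find("e:EventID", NS)
    return {
        "provider": sys_.find("e:Provider", NS).get("Name"),
        "event_id": int(event_id.text),
        "qualifiers": int(event_id.get("Qualifiers", "0")),
        "keywords": int(sys_.find("e:Keywords", NS).text, 16),
        "time_created": sys_.find("e:TimeCreated", NS).get("SystemTime"),
        "record_id": int(sys_.find("e:EventRecordID", NS).text),
        "computer": sys_.find("e:Computer", NS).text,
        "user_sid": sys_.find("e:Security", NS).get("UserID"),
        # <Data> carries no names here: values are positional and their meaning
        # comes from the provider's message template, so keep them as a list.
        "data": [d.text or "" for d in root.findall("e:EventData/e:Data", NS)],
    }
```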


