Hello everyone, I’m looking at this page, How the Insight Agent Works | Insight Agent Documentation, but I want more details about the event codes, processes, etc. that are collected by the agent installed on the machines. On the web page you can see the list at a high level; I need deeper details. Could anyone help me?
These are the event codes the agent pulls.
Notably, on endpoints we pull 7045, 1102, 4624, 4625, 4648, 4720
and on DCs we pull 1102, 4624, 4625, 4648, 4704, 4720, 4722, 4724, 4725, 4728, 4732, 4738, 4740, 4741, 4756, 4767, 4768, 4769
if the setting is enabled.
Also, we pull the Windows Defender codes listed.
We collect all process starts on Windows and macOS and Linux.
Optionally, you can configure FIM and FAAM,
and lastly, you can configure the logging.json on endpoints (not available on DCs) to pull all Windows System, Security and Application events.
Thank you very much!