Eventlog:getRecentSecurityEvents
Method
Purpose
This method (on Microsoft Windows) provides the 30 most recent events in the Microsoft Windows security event log.
Remarks
This method should not be used as a data source for a rule, because subsequent invocations return the same data. For data sources for rules, use Eventlog:onSecurityEvent instead.
Composite event identifiers are represented in the result descriptions by the use of double colons between event parameters (source::event).
Type
Synchronous, IMPACT_INFO.
Arguments
None.
Returns
| Name | Type | Description |
|---|---|---|
| Date | String | Date the event was generated |
| Time | String | Time the event was generated |
| Record | Integer | Record number of the event. Table is indexed on Record. |
| Event | Integer | Source-specific ID of the event |
| Event Category | Integer | Source-specific category of the event. The category may be any value between zero and 65535 where zero represents "no category." |
| Type | String | Event type. Can be one of the following: |
| Source | String | Event source |
| Strings | String | Message template merge strings. These strings are merged into the associated message template to form the complete textual description of the event. These strings are always returned even when the associated message template cannot be found. |
| Text | String | Complete textual description of the event |