In order to model nodes and edges for graph creation, it would be very handy to have an attribute container with the event fields extracted.
One use case is tracking lateral movement in a Windows environment using event ID 4624 (successful logon), using these fields:
- IpAddress
- Computer
- TargetUserName
- LogonType
- WorkstationName
- TargetDomain
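As an added illustration (not code from the project or the issue author), the block below defines such an attribute container for the six fields listed above, turns each remote 4624 logon into a source-host to target-host edge, and walks the resulting graph to scope which hosts a given workstation has reached. The event dicts, host names and the `LogonEventContainer` / `build_logon_graph` / `hosts_reached_from` names are all constructed for the example; the logon-type meanings (3 = Network, 10 = RemoteInteractive) are the standard Windows ones.

```python
"""Added example: attribute container + graph edges for Windows 4624 logons.
All sample events and names below are constructed, not real project code."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Fields named in the issue, extracted from each 4624 event.
LOGON_FIELDS = ("IpAddress", "Computer", "TargetUserName",
                "LogonType", "WorkstationName", "TargetDomain")

# Logon types that imply a remote source host (standard Windows meanings).
REMOTE_LOGON_TYPES = {3: "Network", 10: "RemoteInteractive"}


def normalize_host(name: str) -> str:
    """Make 'srv01.corp.local' and 'SRV01' the same graph node."""
    return name.strip().split(".")[0].upper()


@dataclass(frozen=True)
class LogonEventContainer:
    """Attribute container holding the extracted 4624 fields."""
    IpAddress: str
    Computer: str
    TargetUserName: str
    LogonType: int
    WorkstationName: str
    TargetDomain: str

    @classmethod
    def from_event(cls, event: Dict) -> Optional["LogonEventContainer"]:
        """Build a container from a parsed event dict.
        Returns None for non-4624 events or when a required field is
        missing/malformed, so callers never get a half-filled container."""
        if event.get("EventID") != 4624:
            return None
        try:
            values = {f: event[f] for f in LOGON_FIELDS}
            values["LogonType"] = int(values["LogonType"])
        except (KeyError, ValueError):
            return None
        return cls(**values)

    def source_node(self) -> str:
        """Source host: prefer the workstation name, fall back to the IP."""
        name = self.WorkstationName.strip()
        return normalize_host(name) if name and name != "-" else self.IpAddress

    def target_node(self) -> str:
        return normalize_host(self.Computer)

    def is_remote(self) -> bool:
        return self.LogonType in REMOTE_LOGON_TYPES


def build_logon_graph(events: List[Dict]) -> Tuple[Set[str], List[Tuple[str, str, Dict]]]:
    """Return (nodes, edges). Only remote logons create an edge; a local
    (type 2) logon or a failed 4625 contributes nothing to the graph."""
    nodes: Set[str] = set()
    edges: List[Tuple[str, str, Dict]] = []
    for ev in events:
        c = LogonEventContainer.from_event(ev)
        if c is None or not c.is_remote():
            continue
        src, dst = c.source_node(), c.target_node()
        nodes.update((src, dst))
        edges.append((src, dst, {
            "user": f"{c.TargetDomain}\\{c.TargetUserName}",
            "logon_type": REMOTE_LOGON_TYPES[c.LogonType],
            "ip": c.IpAddress,
        }))
    return nodes, edges


def hosts_reached_from(edges: List[Tuple[str, str, Dict]], start: str) -> Set[str]:
    """Hosts reachable from `start` by following logon edges (BFS); this is
    the scoping question an analyst asks once a source host is suspect."""
    adj: Dict[str, Set[str]] = {}
    for s, d, _ in edges:
        adj.setdefault(s, set()).add(d)
    seen: Set[str] = set()
    queue = [start]
    while queue:
        for nxt in adj.get(queue.pop(0), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


# Constructed sample events (not real logs): WS01 -> SRV01 -> SRV02,
# plus a local logon and a failed logon that must not produce edges.
SAMPLE_EVENTS = [
    {"EventID": 4624, "IpAddress": "10.0.0.5", "Computer": "SRV01.corp.local",
     "TargetUserName": "alice", "LogonType": "3", "WorkstationName": "WS01",
     "TargetDomain": "CORP"},
    {"EventID": 4624, "IpAddress": "10.0.0.20", "Computer": "SRV02.corp.local",
     "TargetUserName": "alice", "LogonType": "10", "WorkstationName": "SRV01",
     "TargetDomain": "CORP"},
    {"EventID": 4624, "IpAddress": "127.0.0.1", "Computer": "WS01.corp.local",
     "TargetUserName": "alice", "LogonType": "2", "WorkstationName": "WS01",
     "TargetDomain": "CORP"},
    {"EventID": 4625, "IpAddress": "10.0.0.9", "Computer": "SRV01.corp.local",
     "TargetUserName": "bob", "LogonType": "3", "WorkstationName": "WS09",
     "TargetDomain": "CORP"},
]

if __name__ == "__main__":
    nodes, edges = build_logon_graph(SAMPLE_EVENTS)
    for s, d, a in edges:
        print(f"{s} -> {d} ({a['user']}, {a['logon_type']}, from {a['ip']})")
    print("reachable from WS01:", sorted(hosts_reached_from(edges, "WS01")))
```

The host normalization matters more than it looks: `Computer` is usually an FQDN while `WorkstationName` is a NetBIOS-style short name, and without collapsing both to one key the chain WS01 → SRV01 → SRV02 splits into two disconnected edges and the reachability query silently under-reports.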