This schema was originally developed by The MITRE Corporation. The CybOX XML Schema implementation is maintained by The MITRE Corporation and developed by the open CybOX Community. For more information, including how to get involved in the effort and how to submit change requests, please visit the CybOX website at http://cybox.mitre.org. Win_Event_Log_Object 2.1 01/22/2014 The following specifies the fields and types that compose this defined CybOX Object type. Each defined object is an extension of the abstract ObjectPropertiesType, defined in CybOX Common. For more information on this extension mechanism, please see the CybOX Specification. This document is intended for developers and assumes some familiarity with XML. Copyright (c) 2012-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the CybOX License located at http://cybox.mitre.org/about/termsofuse.html. See the CybOX License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the CybOX Schema, this license header must be included. The Windows_Event_Log object is intended to characterize entries in the Windows event log. Microsoft's Event schema is described at http://msdn.microsoft.com/en-us/library/aa385201 and the .NET API is described at http://msdn.microsoft.com/en-us/library/y80k1300.aspx. The WindowsEventLogObjectType type is intended to characterize entries in the Windows event log. The EID field specifies the ID of the event for which the event log entry was created. The event type associated with the entry in the event log, e.g., warning, information, error. The name of the log. The rendered message string for the event. The event entry's category number, as defined by the source. The text associated with Category_Num. The Generation_Time field specifies the date/time the event was generated. What logged the event, typically the name of an application or sub-component. The name of the computer on which the event log entry was generated. The name of the user (the security ID) responsible for the event. The event data as a binary blob. A globally unique identifier that identifies the current activity. A globally unique identifier that identifies the activity to which control was transferred to. The Execution_Process_ID field specifies the Process ID (PID) of the process which created the event. The Execution_Thread_ID field specifies the Thread ID (TID) of the thread which created the event. The index of the event entry in the log. A DWORD value that is always set to ELF_LOG_SIGNATURE (the value 0x654c664c), which is ASCII for eLfL. List of unformatted messages in the event log entry. The Write_Time field specifies the date/time that the entry was written into the event log. The UnformattedMessageListType type is a list of unformatted messages in the event log entry. A single unformatted message in the event log entry.