├── LICENSE
├── README.md
└── events
    ├── account_lockouts
        └── account_lockouts_sub.xml
    ├── account_logons
        └── account_logons_sub.xml
    ├── account_modifications
        └── account_modifications_sub.xml
    ├── add_subscriptions.ps1
    ├── applocker
        └── applocker_sub.xml
    ├── emet
        └── emet_sub.xml
    ├── event_forwarding_errors
        └── event_forwarding_errors_sub.xml
    ├── event_log_cleared
        └── event_log_cleared_sub.xml
    ├── file_share
        └── file_share_sub.xml
    ├── object_access_auditing
        └── object_access_auditing_sub.xml
    ├── process_tracking
        └── process_tracking_sub.xml
    ├── scheduled_tasks
        └── scheduled_tasks_sub.xml
    ├── services
        └── services_sub.xml
    ├── set_subscriptions_sources.ps1
    ├── sysmon
        ├── sysmon_config.xml
        ├── sysmon_ctime_sub.xml
        ├── sysmon_file_sub.xml
        ├── sysmon_image_sub.xml
        ├── sysmon_networking_sub.xml
        ├── sysmon_other_sub.xml
        ├── sysmon_pipe_sub.xml
        ├── sysmon_process_access_sub.xml
        ├── sysmon_process_sub.xml
        └── sysmon_registry_sub.xml
    ├── windows_error_reporting
        └── windows_error_reporting_sub.xml
    ├── windows_powershell
        ├── windows_powershell_engine_sub.xml
        ├── windows_powershell_module_sub.xml
        ├── windows_powershell_script_block_sub.xml
        └── windows_powershell_script_block_warnings_sub.xml
    └── wmi_auditing
        ├── wmi_auditing.ps1
        ├── wmi_auditing_local_sub.xml
        └── wmi_auditing_remote_sub.xml

/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/LICENSE
--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/README.md
--------------------------------------------------------------------------------

/events/account_lockouts/account_lockouts_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/account_lockouts/account_lockouts_sub.xml
--------------------------------------------------------------------------------

/events/account_logons/account_logons_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/account_logons/account_logons_sub.xml
--------------------------------------------------------------------------------

/events/account_modifications/account_modifications_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/account_modifications/account_modifications_sub.xml
--------------------------------------------------------------------------------

/events/add_subscriptions.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/add_subscriptions.ps1
--------------------------------------------------------------------------------

/events/applocker/applocker_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/applocker/applocker_sub.xml
--------------------------------------------------------------------------------

/events/emet/emet_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/emet/emet_sub.xml
--------------------------------------------------------------------------------

/events/event_forwarding_errors/event_forwarding_errors_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/event_forwarding_errors/event_forwarding_errors_sub.xml
--------------------------------------------------------------------------------

/events/event_log_cleared/event_log_cleared_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/event_log_cleared/event_log_cleared_sub.xml
--------------------------------------------------------------------------------

/events/file_share/file_share_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/file_share/file_share_sub.xml
--------------------------------------------------------------------------------

/events/object_access_auditing/object_access_auditing_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/object_access_auditing/object_access_auditing_sub.xml
--------------------------------------------------------------------------------

/events/process_tracking/process_tracking_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/process_tracking/process_tracking_sub.xml
--------------------------------------------------------------------------------

/events/scheduled_tasks/scheduled_tasks_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/scheduled_tasks/scheduled_tasks_sub.xml
--------------------------------------------------------------------------------

/events/services/services_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/services/services_sub.xml
--------------------------------------------------------------------------------

/events/set_subscriptions_sources.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/set_subscriptions_sources.ps1
--------------------------------------------------------------------------------

/events/sysmon/sysmon_config.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_config.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_ctime_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_ctime_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_file_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_file_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_image_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_image_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_networking_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_networking_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_other_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_other_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_pipe_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_pipe_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_process_access_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_process_access_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_process_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_process_sub.xml
--------------------------------------------------------------------------------

/events/sysmon/sysmon_registry_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/sysmon/sysmon_registry_sub.xml
--------------------------------------------------------------------------------

/events/windows_error_reporting/windows_error_reporting_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/windows_error_reporting/windows_error_reporting_sub.xml
--------------------------------------------------------------------------------

/events/windows_powershell/windows_powershell_engine_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/windows_powershell/windows_powershell_engine_sub.xml
--------------------------------------------------------------------------------

/events/windows_powershell/windows_powershell_module_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/windows_powershell/windows_powershell_module_sub.xml
--------------------------------------------------------------------------------

/events/windows_powershell/windows_powershell_script_block_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/windows_powershell/windows_powershell_script_block_sub.xml
--------------------------------------------------------------------------------

/events/windows_powershell/windows_powershell_script_block_warnings_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/windows_powershell/windows_powershell_script_block_warnings_sub.xml
--------------------------------------------------------------------------------

/events/wmi_auditing/wmi_auditing.ps1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/wmi_auditing/wmi_auditing.ps1
--------------------------------------------------------------------------------

/events/wmi_auditing/wmi_auditing_local_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/wmi_auditing/wmi_auditing_local_sub.xml
--------------------------------------------------------------------------------

/events/wmi_auditing/wmi_auditing_remote_sub.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/AustralianCyberSecurityCentre/windows_event_logging/HEAD/events/wmi_auditing/wmi_auditing_remote_sub.xml
--------------------------------------------------------------------------------