Mappings: Windows - Security - 4618
| Input | Value |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| Log Format | Windows |
| Event ID Regex Pattern | Security-4618 |
| Output | Value |
|---|---|
| Vendor | Microsoft |
| Product | Windows |
| Record Type | Audit |
| Cloud SIEM Schema Field | Original Record Key | Notes |
|---|---|---|
| description | None | The static text A registry value was modified is populated in this schema field. |
| device_hostname | EventData.ComputerName | |
| user_authDomain | EventData.TargetUserDomain | |
| user_userId | EventData.TargetUserSid | |
| user_username | EventData.TargetUserName |