11. List of Event IDs

This list contains all event IDs that Aurora can produce. Event IDs are used when logging to the Windows Eventlog, and can also be included in the log message using --print-event-id.

11.2. Internal event IDs

Event ID

Description

100

A license file was found.

101

Status message (from --report-stats)

102

Aurora Agent started.

103

Aurora Agent is terminating.

104

The current license expired.

105

No valid license file was found.

107

A process created a large amount of events.

108

An internal panic occurred.

11.3. Event IDs for other modules

Event ID

Module

200

BeaconHunter

300

Lsass Dump Detector

400

ETW Canary

500

Process Tampering Detector

600

Temporary Driver Load Detector

700

Command Line Mismatch Detector

800

Event Distributor

900

ETW Provider

1000

Eventlog Provider

1100

Handle Polling Provider

1200

Resource Control