13. List of Event IDs
This list contains all event IDs that Aurora can produce. Event IDs are used when logging to the Windows Eventlog, and can also be included in the log message using --print-event-id.
13.2. Internal event IDs
Event ID | Description |
---|---|
100 | A license file was found. |
101 | Status message (from |
102 | Aurora Agent started. |
103 | Aurora Agent is terminating. |
104 | The current license expired. |
105 | No valid license file was found. |
107 | A process created a large amount of events. |
108 | An internal panic occurred. |
13.3. Event IDs for other modules
Event ID | Module |
---|---|
200 | BeaconHunter |
300 | Lsass Dump Detector |
400 | ETW Canary |
500 | Process Tampering Detector |
600 | Temporary Driver Load Detector |
700 | Command Line Mismatch Detector |
800 | Event Distributor |
900 | ETW Provider |
1000 | Eventlog Provider |
1100 | Handle Polling Provider |
1200 | Resource Control |
1301 | Filename IOC Match Found |