This may seem like a pretty basic request, but has anyone else had any issues parsing Windows event logs? I've been struggling to find a definitive list of all the fields from "Application Information" and beyond. Does anyone have this or have a way to auto parse the fields?
```
Audit Success,21/03/2016 14:07:59,Microsoft-Windows-Security-Auditing,5156,Filtering Platform Connection,"The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID:		4
Application Name:	System
Network Information:
Direction:		Outbound
Source Address:		10.0.0.1
Source Port:		8
Destination Address:	1.1.1.1
Destination Port:		0
Protocol:		1
Filter Information:
Filter Run-Time ID:	67762
Layer Name:		Connect
Layer Run-Time ID:	48"
```
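
Added example, not part of the original post: one way to auto-parse this layout in Python without a fixed field list, treating each unindented `Name:` line with no value as a section and every `Key: value` line under it as a field. The column labels and the function names `parse_message` and `parse_export` are assumptions of this example.

```python
import csv
import io
import re

# Sample copied from the post above; tabs written as \t escapes.
SAMPLE = '''Audit Success,21/03/2016 14:07:59,Microsoft-Windows-Security-Auditing,5156,Filtering Platform Connection,"The Windows Filtering Platform has permitted a connection.
Application Information:
Process ID:\t\t4
Application Name:\tSystem
Network Information:
Direction:\t\tOutbound
Source Address:\t\t10.0.0.1
Source Port:\t\t8
Destination Address:\t1.1.1.1
Destination Port:\t\t0
Protocol:\t\t1
Filter Information:
Filter Run-Time ID:\t67762
Layer Name:\t\tConnect
Layer Run-Time ID:\t48"
'''

# Labels for the five leading CSV columns are assumptions, not names from the export.
COLUMNS = ("keywords", "timestamp", "source", "event_id", "task_category")
# Split on the first colon only, so values such as "::1" survive intact.
LINE = re.compile(r"^([^:]+):\s*(.*)$")

def parse_message(message):
    """Return (description, {section: {field: value}}) for one message body."""
    description, sections, current = [], {}, None
    for raw in message.splitlines():
        m = LINE.match(raw.strip())
        # Unindented "Name:" with no value opens a section;
        # an indented one is a field whose value is empty.
        if m and not m.group(2) and not raw[:1].isspace():
            current = sections.setdefault(m.group(1).strip(), {})
        elif m and current is not None:
            current[m.group(1).strip()] = m.group(2)
        elif raw.strip() and current is None:
            description.append(raw.strip())
    return " ".join(description), sections

def parse_export(text):
    """Yield one dict per event; csv keeps the quoted multi-line message whole."""
    for row in csv.reader(io.StringIO(text, newline="")):
        if len(row) > len(COLUMNS):
            event = dict(zip(COLUMNS, row))
            event["description"], event["fields"] = parse_message(row[len(COLUMNS)])
            yield event
```

Because sections and keys are discovered from the text, the same code handles other Security-Auditing event IDs whose messages follow this `Section:` / `Key: value` shape.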