This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Registry Event Properties
The following event properties can be used with registry events in uAQL queries (event type Reg.*). In addition to the properties listed here, the common properties are applicable, too.
| Property name | uAQL Data Type | Description | Platform |
|---|---|---|---|
Reg.Key.Path |
String | The absolute path of the registry key (e.g., ^HKLM\\SYSTEM\\.*ControlSet.*\\Services\\lmhosts$). Not supported for Reg.Key.Rename. |
Win |
Reg.Key.Name |
String | The name of the registry key - the last path element of the full path (e.g., ^lmhosts$). Not supported for Reg.Key.Rename. |
Win |
Reg.Parent.Key.Path |
String | The absolute path to the parent key (e.g., ^HKLM\\SYSTEM\\.*ControlSet.*\\Services$). Not supported for Reg.Key.Rename. |
Win |
Reg.Key.Path.New |
String | The new absolute path of the registry key (e.g., ^HKLM\\SYSTEM\\.*ControlSet.*\\Services\\lmhosts$). Only supported for Reg.Key.Rename. |
Win |
Reg.Key.Path.Old |
String | The old absolute path of the registry key (e.g., ^HKLM\\SYSTEM\\.*ControlSet.*\\Services\\lmhosts$). Only supported for Reg.Key.Rename. |
Win |
Reg.Value.Name |
String | The name of a key property (e.g., RequiredPrivileges). |
Win |
Reg.Value.Data |
String | The value is formatted to be compatible with Sysmon. DWORD values are formatted with a hexadecimal representation, for example: DWORD (0x00000001). QWORD values are shown in a range format, such as: QWORD (0x00000001-0x00000002). Empty Strings are denoted as: (Empty). Binary Data and Multiline Strings, including Empty Multiline Strings, are all represented as: Binary Data. Regular Strings remain unchanged. Expandable Strings have any percent (%) characters escaped, so %PATH% becomes %%PATH%%. |
Win |
Reg.Value.Data.Number |
Number | Access to the non-formatted DWORD and QWORD registry values as number. |
Win |
Reg.Value.Data.String |
String | Access to the non-formatted registry value strings. | Win |
Reg.Value.Type |
Number | The numeric value represents the data-type of the content written to the registry value. Possible values include: 0 = REG_NONE 1 = REG_SZ 2 = REG_EXPAND_SZ 3 = REG_BINARY 4 = REG_DWORD 4 = REG_DWORD_LITTLE_ENDIAN 5 = REG_DWORD_BIG_ENDIAN 6 = REG_LINK 7 = REG_MULTI_SZ 8 = REG_RESOURCE_LIST 9 = REG_FULL_RESOURCE_DESCRIPTOR 10 = REG_RESOURCE_REQUIREMENTS_LIST 11 = REG_QWORD 11 = REG_QWORD_LITTLE_ENDIAN For more details, see the Microsoft documentation. |
Win |
Reg.EventType |
String | The Event Type identifies the actual registry event. Possible values include: SetValue DeleteValue RenameKey DeleteKey CreateKey | Win |
Reg.File.Name |
String | A file path (e.g., C:\TempHive.hiv). Supported for Reg.Key.Load, Reg.Key.Restore, Reg.Key.Save, or Reg.Key.Replace. |
Win |
Reg.Key.Sddl |
String | The security descriptor (SD) of a registry key. | Win |
Reg.Key.Hive |
String | The name of the Hive (e.g., HKLM). |
Win |
Reg.Key.Target |
String | The absolute path of the registry key. Takes Reg.Key.Path.Old or Reg.Key.Path and is thus never empty. |
Win |
Reg.TargetObject |
String | This property is either the full path to the registry key or the full path to the registry value. | Win |
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.