EventCode,EventDescription
1,"Process Create"
2,"File Create Time"
3,"Network Connect"
4,"Sysmon Start"
5,"Process Terminate"
6,"Driver Load"
7,"Image Load"
8,"Create Remote Thread"
9,"Raw Access Read"
10,"Process Access"
11,"File Created"
12,"Registry object added or deleted"
13,"Registry value set"
14,"Registry object renamed"
15,"File stream created"
16,"Sysmon Configuration Changed"
17,"Pipe Created"
18,"Pipe Connected"
19,"WmiEventFilter activity detected"
20,"WmiEventConsumer activity detected"
21,"WmiEventConsumerToFilter activity detected"
22,"DNS Query"
255,"Error"