A comprehensive lookup tool for Windows Security Audit Events and their field definitions for cybersecurity professionals.

• Event ID: Enter a specific Windows Event ID (e.g., 4624 for successful logon)
• Category: Select from dropdown (System, Logon/Logoff, etc.)
• Subcategory: Filter by specific subcategory
• Message Search: Type keywords to search in event descriptions

• Search Fields: Use the search box to find specific field names
• Multi-Select: Check multiple fields to find events containing ALL selected fields
• Quick Actions:
  • select all visible - Select all currently filtered fields
  • clear all - Uncheck all selected fields

Each event result includes two query generation buttons:

Generates ready-to-use Splunk searches:

EventCode=4624
| table _time, host, SubjectUserSid, SubjectUserName, TargetUserSid, LogonType, _raw

Generates Elasticsearch/ELK queries:

| where winlog.event_id == 4624
| keep @timestamp, host.name, winlog.event_data.SubjectUserSid, winlog.event_data.SubjectUserName, message

• Click any query button to automatically copy to clipboard
• Visual feedback shows "copied!" confirmation
• Works in all modern browsers

Replace Sample Data: In script.js, locate the loadData() method and replace the sample events:

loadData() {
    try {
        this.events = [
            // Replace this array with your complete JSON data
            {
                "event_id": 4624,
                "category": "Logon/Logoff",
                "subcategory": "Logon",
                "message_summary": "An account was successfully logged on.",
                "field_count": 18,
                "field_names": ["SubjectUserSid", "SubjectUserName", ...],
                "documentation_url": "https://learn.microsoft.com/..."
            }
            // ... more events
        ];

[
  {
    "event_id": 4624,
    "category": "Logon/Logoff", 
    "subcategory": "Logon",
    "message_summary": "An account was successfully logged on.",
    "field_count": 18,
    "field_names": ["SubjectUserSid", "SubjectUserName", "TargetUserSid"],
    "documentation_url": "https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4624"
  }
]

• Combine Filters: Use multiple filters together for precise results
• Field Search: Type partial field names (e.g., "User" finds all user-related fields)
• Message Keywords: Search descriptions with terms like "logon", "failed", "access"

• Microsoft Security Auditing Events
• Ultimate Windows Security Encyclopedia

1. Fork the repository
2. Add new features or improvements
3. Test thoroughly across browsers
4. Submit pull request with clear description

Happy Hunting! 🛡️

Built with ❤️ for the cybersecurity community