We need to transform the data into a format that the feature generator can read directly. The columns that we generate are the following:
- startTimeISO
- Type of Windows event
- Destination name or IP
- Destination SecurityID
- Destination username
- Source logon type
- Source name or IP
- Destination NtDomain
- Destination service security ID
- Destination service name
- Source username
- Privileges
- Source host name
- Destination port
- AD profile path
- AD script path
- AD user workstation
- Source logon ID
- Source security ID
- Source NtDomain
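
One way to perform this normalization, as an added example that is not the original pipeline's code. It assumes raw events arrive as dictionaries with hypothetical field names (`start_ms`, `dst_sid`, and so on), that the timestamp is epoch milliseconds, and that the feature generator reads CSV; the sample events are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# (output column from the list above, hypothetical raw field name: an assumption)
SCHEMA = [
    ("startTimeISO", "start_ms"), ("Type of Windows event", "event_id"),
    ("Destination name or IP", "dst"), ("Destination SecurityID", "dst_sid"),
    ("Destination username", "dst_user"), ("Source logon type", "logon_type"),
    ("Source name or IP", "src"), ("Destination NtDomain", "dst_domain"),
    ("Destination service security ID", "dst_svc_sid"),
    ("Destination service name", "dst_svc"),
    ("Source username", "src_user"), ("Privileges", "privileges"),
    ("Source host name", "src_host"), ("Destination port", "dst_port"),
    ("AD profile path", "profile_path"), ("AD script path", "script_path"),
    ("AD user workstation", "user_workstation"), ("Source logon ID", "src_logon_id"),
    ("Source security ID", "src_sid"), ("Source NtDomain", "src_domain"),
]

def to_iso(epoch_ms):
    # Epoch milliseconds -> ISO 8601 string in UTC.
    return datetime.fromtimestamp(int(epoch_ms) / 1000, tz=timezone.utc).isoformat()

def normalize(event):
    """Return one row with every column present, in SCHEMA order."""
    row = []
    for column, raw_key in SCHEMA:
        value = event.get(raw_key)
        if value is None:
            row.append("")  # field not emitted by this event type
        elif column == "startTimeISO":
            row.append(to_iso(value))
        else:
            row.append(" ".join(str(value).split()))  # collapse newlines/tabs
    return row

def to_csv(events):
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([column for column, _ in SCHEMA])
    writer.writerows(normalize(e) for e in events)
    return buf.getvalue()

# Constructed sample events (not real log data).
SAMPLE = [
    {"start_ms": 1700000000000, "event_id": 4624, "dst": "dc01", "dst_user": "alice",
     "logon_type": 3, "src": "10.0.0.5", "src_logon_id": "0x3e7"},
    {"start_ms": 1700000060000, "event_id": 4672, "dst_user": "alice",
     "privileges": "SeDebugPrivilege\n\t\t\tSeBackupPrivilege"},
]
```

Every row has the same 20 columns regardless of event type, so a logon event simply leaves the AD and privilege columns empty.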