Skip to main content
Skip table of contents

EVID 4826 : Boot Configuration Data Loaded

Event Details

Event TypeBoot Configuration Data Loaded
Event Description4826(S) : Boot Configuration Data Loaded
Event ID4826
Vendor Documentationhttps://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4826

Log Fields and Parsing

This section details the log fields available in this log message type, along with values parsed for both LogRhythm Default and LogRhythm Default v2.0 policies. A value of "N/A" (not applicable) means that there isNo value parsed for a specified log field.

Log Field

LogRhythm Default

LogRhythm Default v2.0

ProviderN/AN/A
EventIDN/A<vmid>
VersionN/AN/A
LevelN/A<severity>
TaskN/A<vendorinfo>
OpcodeN/AN/A
KeywordsN/A<result>
TimeCreatedN/AN/A
EventRecordIDN/AN/A
CorrelationN/AN/A
ExecutionN/AN/A
ChannelN/AN/A
ComputerN/A<dname>
SubjectUserSidN/AN/A
SubjectUserNameN/AN/A
SubjectDomainNameN/AN/A
SubjectLogonIdN/AN/A
LoadOptionsN/AN/A
AdvancedOptionsN/AN/A
ConfigAccessPolicyN/A<policy>
RemoteEventLoggingN/AN/A
KernelDebugN/AN/A
VsmLaunchTypeN/AN/A
TestSigningN/AN/A
FlightSigningN/AN/A
DisableIntegrityChecksN/A<status>
HypervisorLoadOptionsN/AN/A
HypervisorLaunchTypeN/AN/A
HypervisorDebugN/AN/A

Log Processing Settings

This section details log processing changes made from the LogRhythm Default policy to LogRhythm Default v2.0. In some cases, base rules are broken down into sub-rules to appropriately parse log message types by their event types.

LogRhythm Default

N/A

LogRhythm Default v2.0

Regex ID

Rule Name

Rule Type

Common Event

Classification

1012327

V 2.0 : EVID 4826 : Boot Configuration Data Loaded

Base RuleConfiguration Loaded : SystemConfiguration
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close