OTRF / OSSEM

Open Source Security Events Metadata (OSSEM)

Windows Security logs, Computer Account Management auditing fields mismatch between events

nicolasreich opened this issue

In the Data Dictionary of Windows Security Event 4741, the field UserParameters is translated into target_host_user_paremeters (with a typo), and UserAccountControl into target_host_user_account_control. For Event 4742, the corresponding fields are translated into target_host_parameters and target_host_account_control, so with one user fewer. I haven't been able to find those defined in the CDM; what is the right standard field name?

Hey @nicolasreich! Thank you very much for going through the events standardization and providing feedback. We are still working on those and trying to create the right data entity for those and attributes. I will add that to the list of upcoming updates. I believe initially it was meant to be part of the Target Entity. That needs to be reviewed.
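An added example, not part of the original thread or of the OSSEM project's own tooling: a consistency check that would surface the mismatch reported above before detections are written against the field names. The `DICTIONARIES` sample is constructed from the four mappings quoted in the issue, and the token comparison is an assumed heuristic, not a documented OSSEM naming rule.

```python
import re
from collections import defaultdict
from difflib import get_close_matches

# Constructed sample: only the mappings quoted in the issue, keyed by event ID.
DICTIONARIES = {
    4741: {"UserParameters": "target_host_user_paremeters",
           "UserAccountControl": "target_host_user_account_control"},
    4742: {"UserParameters": "target_host_parameters",
           "UserAccountControl": "target_host_account_control"},
}

def camel_tokens(name):
    """Split a CamelCase source field name into lowercase tokens."""
    return [t.lower() for t in re.findall(r"[A-Z][a-z0-9]*", name)]

def find_mismatches(dictionaries):
    """Return {source_field: {standard_name: [event_ids]}} for every source
    field that is mapped to more than one standard name across events."""
    seen = defaultdict(lambda: defaultdict(list))
    for event_id, mapping in sorted(dictionaries.items()):
        for source, standard in mapping.items():
            seen[source][standard].append(event_id)
    return {s: dict(n) for s, n in seen.items() if len(n) > 1}

def token_issues(source, standard):
    """Assumed heuristic: each token of the source name should appear in the
    snake_case standard name. A near match is reported as a possible typo,
    no match at all as a missing token."""
    std = standard.split("_")
    issues = []
    for tok in camel_tokens(source):
        if tok in std:
            continue
        close = get_close_matches(tok, std, n=1, cutoff=0.8)
        issues.append(f"possible typo '{close[0]}' for '{tok}'" if close
                      else f"missing token '{tok}'")
    return issues

def report(dictionaries):
    """One line per conflicting mapping, with the token-level findings."""
    lines = []
    for source, names in sorted(find_mismatches(dictionaries).items()):
        for standard, events in sorted(names.items()):
            notes = "; ".join(token_issues(source, standard)) or "tokens match"
            lines.append(f"{source} -> {standard} (events {events}): {notes}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(DICTIONARIES)))
```

Queries or detection rules written against one event's standardized name will silently miss the other event until the two dictionaries agree, which is why a check like this is worth running across the whole dictionary set.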