Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Crypto-RSAEnh

Event ID 6

Message:

%{Attributes}

 Process: 	%{ProcessName}
 File Path: 	%{MachineKeyset}
 Desired Access: 	%{FilePath}
 Share Mode: 	%{DesiredAccess}
 Creation Disposition: 	%{ShareMode}
 Attributes: 	%{CreationDisposition}

Event Data:

#  Name                 In Type            Out Type
1  ProcessName          win:UnicodeString  xs:string
2  MachineKeyset        win:Boolean        xs:boolean
3  FilePath             win:UnicodeString  xs:string
4  DesiredAccess        win:UInt32         xs:unsignedInt
5  ShareMode            win:UInt32         xs:unsignedInt
6  CreationDisposition  win:UInt32         xs:unsignedInt
7  Attributes           win:UInt32         xs:unsignedInt
8  Status               win:UInt32         xs:unsignedInt
9  ErrorDescription     win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: L4XOYUPIJZPXY