Elastic Windows Event Explorer


Publisher - Microsoft-Windows-HttpService

Event ID 21

Message:

New connection created (local IP address %{LocalAddr} and remote address %{RemoteAddr}).

Event Data:

# Name In Type
Out Type
1 ConnectionObj win:Pointer win:HexInt64
2 LocalAddrLength win:UInt32 xs:unsignedInt
3 LocalAddr win:Binary win:SocketAddress
4 RemoteAddrLength win:UInt32 xs:unsignedInt
5 RemoteAddr win:Binary win:SocketAddress

Observed Windows Versions:

Version: 0

Fingerprint: KTCFJSKTL5HQG