Elastic Windows Event Explorer


Publisher - Microsoft-Windows-PktMon

Event ID 140

Message:

Drop: MAC Dest %{DestinationMAC}, MAC Src %{SourceMAC}, EtherType %{EtherType}, VlanId %{VlanId}, IP Dest %{DestinationIP}, IP Src %{SourceIP}, Protocol %{Protocol}, Port Dest %{DestinationPort}, Port Src %{SourcePort}, TCPFlags %{TCPFlags}, PktGroupId %{PktGroupId}, PktCount %{PktCount}, Appearance %{AppearanceCount}, Direction %{DirTag}, Type %{PacketType}, Component %{ComponentId}, Edge %{EdgeId}, Filter %{FilterId}, DropReason %{DropReason}, DropLocation %{DropLocation}

Event Data:

#   Name              In Type     Out Type
1   DestinationMAC    win:Binary  xs:hexBinary
2   SourceMAC         win:Binary  xs:hexBinary
3   EtherType         win:UInt16  xs:unsignedShort
4   VlanId            win:UInt16  xs:unsignedShort
5   DestinationIP     win:UInt32  win:IPv4
6   SourceIP          win:UInt32  win:IPv4
7   Protocol          win:UInt8   xs:unsignedByte
8   DestinationPort   win:UInt16  xs:unsignedShort
9   SourcePort        win:UInt16  xs:unsignedShort
10  TCPFlags          win:UInt8   xs:unsignedByte
11  PktGroupId        win:UInt64  xs:unsignedLong
12  PktCount          win:UInt16  xs:unsignedShort
13  AppearanceCount   win:UInt16  xs:unsignedShort
14  DirTag            win:UInt16  xs:unsignedShort
15  PacketType        win:UInt16  xs:unsignedShort
16  ComponentId       win:UInt16  xs:unsignedShort
17  EdgeId            win:UInt16  xs:unsignedShort
18  FilterId          win:UInt16  xs:unsignedShort
19  DropReason        win:UInt32  xs:unsignedInt
20  DropLocation      win:UInt32  win:HexInt32

Observed Windows Versions:

Version: 0

Fingerprint: 6YE4MDLUJWYBU