Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Sysmon

Event ID 20 v3

Message:

WmiEventConsumer activity detected:
RuleName: %{RuleName}
EventType: %{EventType}
UtcTime: %{UtcTime}
Operation: %{Operation}
User: %{User}
Name: %{Name}
Type: %{Type}
Destination: %{Destination}

Event Data:

#  Name         In Type            Out Type
1  RuleName     win:UnicodeString  xs:string
2  EventType    win:UnicodeString  xs:string
3  UtcTime      win:UnicodeString  xs:string
4  Operation    win:UnicodeString  xs:string
5  User         win:UnicodeString  xs:string
6  Name         win:UnicodeString  xs:string
7  Type         win:UnicodeString  xs:string
8  Destination  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 3

Fingerprint: ZVCAYFQXIHN6E