Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Sysmon

Event ID 4 v3

Message:

Sysmon service state changed:
UtcTime: %{UtcTime}
State: %{State}
Version: %{Version}
SchemaVersion: %{SchemaVersion}

Event Data:

#  Name           In Type            Out Type
1  UtcTime        win:UnicodeString  xs:string
2  State          win:UnicodeString  xs:string
3  Version        win:UnicodeString  xs:string
4  SchemaVersion  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 3

Fingerprint: 35UU5KSDFACNA