Elastic Windows Event Explorer


Publisher - Microsoft-Windows-Sysmon

Event ID 6 v4

Message:

Driver loaded:
RuleName: %{RuleName}
UtcTime: %{UtcTime}
ImageLoaded: %{ImageLoaded}
Hashes: %{Hashes}
Signed: %{Signed}
Signature: %{Signature}
SignatureStatus: %{SignatureStatus}

Event Data:

#  Name             In Type            Out Type
1  RuleName         win:UnicodeString  xs:string
2  UtcTime          win:UnicodeString  xs:string
3  ImageLoaded      win:UnicodeString  xs:string
4  Hashes           win:UnicodeString  xs:string
5  Signed           win:UnicodeString  xs:string
6  Signature        win:UnicodeString  xs:string
7  SignatureStatus  win:UnicodeString  xs:string
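The fields above are what a detection rule for Event ID 6 keys on. The Python below is an added example, not part of this reference page or of Sysmon: it parses constructed Event ID 6 records in the standard Windows event XML layout (Data elements keyed by Name inside EventData), splits the Hashes field into per-algorithm values, and flags any driver load that is unsigned, whose SignatureStatus is not Valid, or whose signer is not on an assumed allow-list. The sample paths, timestamps, hash values and the TRUSTED_SIGNERS set are constructed for illustration.

```python
"""Triage Sysmon Event ID 6 (Driver loaded) records.

Added example; not part of the original reference page. The XML layout is the
standard Windows event schema; the sample records, paths, hashes and the
signer allow-list are constructed for illustration.
"""
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Assumption: a real deployment derives this allow-list from its own baseline.
TRUSTED_SIGNERS = {"Microsoft Windows", "Microsoft Windows Hardware Compatibility Publisher"}

EVENT_TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><Provider Name="Microsoft-Windows-Sysmon"/><EventID>{eid}</EventID></System>
  <EventData>
    <Data Name="RuleName">-</Data>
    <Data Name="UtcTime">{utc}</Data>
    <Data Name="ImageLoaded">{image}</Data>
    <Data Name="Hashes">{hashes}</Data>
    <Data Name="Signed">{signed}</Data>
    <Data Name="Signature">{signature}</Data>
    <Data Name="SignatureStatus">{status}</Data>
  </EventData>
</Event>"""


def make_sample(eid, utc, image, hashes, signed, signature, status):
    """Build a constructed event record in the Windows event XML layout."""
    return EVENT_TEMPLATE.format(eid=eid, utc=utc, image=image, hashes=hashes,
                                 signed=signed, signature=signature, status=status)


# Constructed sample records: one benign, one unsigned, one signed by an unknown vendor.
SAMPLE_EVENTS = [
    make_sample(6, "2024-01-10 09:15:02.117", r"C:\Windows\System32\drivers\tcpip.sys",
                "SHA256=" + "0f" * 32 + ",IMPHASH=" + "1a" * 16,
                "true", "Microsoft Windows", "Valid"),
    make_sample(6, "2024-01-10 09:16:40.003", r"C:\Users\Public\helper.sys",
                "SHA256=" + "ab" * 32, "false", "-", "Unsigned"),
    make_sample(6, "2024-01-10 09:18:11.550", r"C:\Windows\Temp\legacy.sys",
                "SHA256=" + "cd" * 32 + ",MD5=" + "ee" * 16, "true", "Contoso Ltd", "Valid"),
]


def parse_hashes(field):
    """Split Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, value = part.split("=", 1)
            out[alg.strip().upper()] = value.strip().lower()
    return out


def parse_event6(xml_text):
    """Return the EventData fields of an Event ID 6 record, or None for other IDs."""
    root = ET.fromstring(xml_text)
    if int(root.find("e:System/e:EventID", NS).text) != 6:
        return None
    data = {d.get("Name"): (d.text or "")
            for d in root.find("e:EventData", NS).findall("e:Data", NS)}
    data["Hashes"] = parse_hashes(data.get("Hashes", ""))
    return data


def driver_findings(ev, trusted=TRUSTED_SIGNERS):
    """List the reasons a driver load deserves review (empty list = nothing to flag)."""
    reasons = []
    if ev["Signed"].lower() != "true":
        reasons.append("Signed=" + ev["Signed"])
    if ev["SignatureStatus"] != "Valid":
        reasons.append("SignatureStatus=" + ev["SignatureStatus"])
    if ev["Signature"] not in trusted:
        reasons.append("Signature=" + ev["Signature"] + " not in allow-list")
    return reasons


def triage(xml_records, trusted=TRUSTED_SIGNERS):
    """Parse each record, keep Event ID 6, and return the flagged driver loads."""
    flagged = []
    for rec in xml_records:
        ev = parse_event6(rec)
        if ev is None:
            continue
        reasons = driver_findings(ev, trusted)
        if reasons:
            flagged.append({"utc": ev["UtcTime"], "image": ev["ImageLoaded"],
                            "sha256": ev["Hashes"].get("SHA256"), "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit["utc"], hit["image"], hit["sha256"], "; ".join(hit["reasons"]))
```

The SHA256 carried in each finding is what you would pivot on against a reputation service or a known-vulnerable-driver list; the signer allow-list check is deliberately separate from the Signed/SignatureStatus checks because a validly signed driver from an unexpected vendor is exactly the case (abused legitimately signed drivers) that the first two checks miss.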

Observed Windows Versions:

Version: 4

Fingerprint: 5HNO23JAC2XIE