Elastic Windows Event Explorer


Publisher - Microsoft-Windows-TCPIP

Event ID 1034 v1

Message:

TCP: connection %{Tcb} (local=%{LocalAddress} remote=%{RemoteAddress}) connect attempt failed with status = %{Status}.

Event Data:

#  Name                 In Type      Out Type
1  LocalAddressLength   win:UInt32   xs:unsignedInt
2  LocalAddress         win:Binary   win:SocketAddress
3  RemoteAddressLength  win:UInt32   xs:unsignedInt
4  RemoteAddress        win:Binary   win:SocketAddress
5  Status               win:UInt32   win:NTStatus
6  ProcessId            win:UInt32   xs:unsignedInt
7  Compartment          win:UInt32   xs:unsignedInt
8  Tcb                  win:Pointer  win:HexInt64
9  ProcessStartKey      win:UInt64   xs:unsignedLong

Observed Windows Versions:

Version: 1

Fingerprint: D47ITJKVNJAZO