Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 1

Message:

GroupOperationId = %{GroupOperationId}; OperationId = %{OperationId}; Operation = %{Operation}; ClientMachine = %{ClientMachine}; User = %{User}; ClientProcessId = %{ClientProcessId}; NamespaceName = %{NamespaceName}

Event Data:

| # | Name | In Type | Out Type |
|---|------|---------|----------|
| 1 | GroupOperationId | win:UInt32 | xs:unsignedInt |
| 2 | OperationId | win:UInt32 | xs:unsignedInt |
| 3 | Operation | win:UnicodeString | xs:string |
| 4 | ClientMachine | win:UnicodeString | xs:string |
| 5 | User | win:UnicodeString | xs:string |
| 6 | ClientProcessId | win:UInt32 | xs:unsignedInt |
| 7 | NamespaceName | win:UnicodeString | xs:string |

Observed Windows Versions:

Version: 0

Fingerprint: 7YCKR5N6OCECS