Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 17

Message:

CorrelationId = %{CorrelationId}; ProcessId = %{ProcessId}; Protocol = %{Protocol}; Operation = %{Operation}; User = %{User}; Namespace = %{Namespace}

Event Data:

# Name In Type Out Type
1 CorrelationId win:UnicodeString xs:string
2 ProcessId win:UInt32 xs:unsignedInt
3 Protocol win:UnicodeString xs:string
4 Operation win:UnicodeString xs:string
5 User win:UnicodeString xs:string
6 Namespace win:UnicodeString xs:string

Observed Windows Versions:

Version: 0

Fingerprint: IU2SPCSYG4KGO