Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 19

Message:

Performing delete operation on the WMI repository. OperationID = %{OperationID}; Operation = %{Operation}

Event Data:

#  Name                       In Type            Out Type
1  OperationID                win:UInt32         xs:unsignedInt
2  Operation                  win:UnicodeString  xs:string
3  ClientProcessId            win:UInt32         xs:unsignedInt
4  ClientMachineFQDN          win:UnicodeString  xs:string
5  ClientProcessCreationTime  win:UInt64         xs:unsignedLong
6  IsLocal                    win:Boolean        xs:boolean

Observed Windows Versions:

Version: 0

Fingerprint: 4AQ7M7GBEAFKA