Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 20

Message:

Performing Update operation on the WMI repository. OperationID = %{OperationID}; Operation = %{Operation}; Flags = %{Flags}

Event Data:

#  Name                       In Type            Out Type
1  OperationID                win:UInt32         xs:unsignedInt
2  Operation                  win:UnicodeString  xs:string
3  Flags                      win:UInt32         xs:unsignedInt
4  ClientProcessId            win:UInt32         xs:unsignedInt
5  ClientMachineFQDN          win:UnicodeString  xs:string
6  ClientProcessCreationTime  win:UInt64         xs:unsignedLong
7  IsLocal                    win:Boolean        xs:boolean

Observed Windows Versions:

Version: 0

Fingerprint: WSQH7RC6BZGU6