Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 22

Message:

CorrelationId = %{CorrelationId}; GroupOperationId = %{GroupOperationId}; OperationId = %{OperationId}; ClassName= %{ClassName}; MethodName = %{MethodName}; ImplementationClass = %{ImplementationClass}; ClientMachine = %{ClientMachine}; User = %{User}; ClientProcessId = %{ClientProcessId}; NamespaceName = %{NamespaceName}

Event Data:

#   Name                       In Type            Out Type
1   CorrelationId              win:UnicodeString  xs:string
2   GroupOperationId           win:UInt32         xs:unsignedInt
3   OperationId                win:UInt32         xs:unsignedInt
4   ClassName                  win:UnicodeString  xs:string
5   MethodName                 win:UnicodeString  xs:string
6   ImplementationClass        win:UnicodeString  xs:string
7   ClientMachine              win:UnicodeString  xs:string
8   ClientMachineFQDN          win:UnicodeString  xs:string
9   User                       win:UnicodeString  xs:string
10  ClientProcessId            win:UInt32         xs:unsignedInt
11  ClientProcessCreationTime  win:UInt64         xs:unsignedLong
12  NamespaceName              win:UnicodeString  xs:string
13  IsLocal                    win:Boolean        xs:boolean

Observed Windows Versions:

Version: 0

Fingerprint: CHAKJ5T5L4EFQ