Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 5859

Message:

Namespace = %{NamespaceName}; NotificationQuery = %{Query}; OwnerName = %{User}; HostProcessID = %{processid};  Provider= %{providerName}, queryID = %{queryid}; PossibleCause = %{PossibleCause}

Event Data:

#  Name           In Type            Out Type
1  NamespaceName  win:UnicodeString  xs:string
2  Query          win:UnicodeString  xs:string
3  User           win:UnicodeString  xs:string
4  processid      win:UInt32         xs:unsignedInt
5  providerName   win:UnicodeString  xs:string
6  queryid        win:UInt32         xs:unsignedInt
7  PossibleCause  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: 6YEHD2BGCRFGE