Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WMI-Activity

Event ID 5860

Message:

Namespace = %{NamespaceName}; NotificationQuery = %{Query}; UserName = %{User}; ClientProcessID = %{processid}, ClientMachine = %{MachineName}; PossibleCause = %{PossibleCause}

Event Data:

#  Name           In Type            Out Type
1  NamespaceName  win:UnicodeString  xs:string
2  Query          win:UnicodeString  xs:string
3  User           win:UnicodeString  xs:string
4  processid      win:UInt32         xs:unsignedInt
5  MachineName    win:UnicodeString  xs:string
6  PossibleCause  win:UnicodeString  xs:string

Observed Windows Versions:

Version: 0

Fingerprint: SKLKWVN3VGAK2