Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1001 v1

Message:

%{TransportProtocol} session created. Internal source transport addr: %{InternalSrcAddr} (CompartmentId %{InternalCompartmentId}), Internal dest transport addr: %{InternalDstAddr}, External source transport addr %{ExternalSrcAddr}, External dest transport addr %{ExternalDstAddr}, Lifetime: %{Lifetime} seconds, TcpState:%{TcpSessionState}

Event Data:

#    Name                    In Type       Out Type
1    InternalAddrLen         win:UInt32    xs:unsignedInt
2    InternalSrcAddr         win:Binary    win:SocketAddress
3    InternalDstAddr         win:Binary    win:SocketAddress
4    ExternalAddrLen         win:UInt32    xs:unsignedInt
5    ExternalSrcAddr         win:Binary    win:SocketAddress
6    ExternalDstAddr         win:Binary    win:SocketAddress
7    TransportProtocol       win:UInt32    xs:unsignedInt
8    Lifetime                win:UInt32    xs:unsignedInt
9    TcpSessionState         win:UInt32    xs:unsignedInt
10   InternalCompartmentId   win:UInt32    xs:unsignedInt
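The four address fields are opaque win:Binary blobs whose rendered form (win:SocketAddress) is an address:port pair, so a collector that reads the raw event data rather than the rendered message has to decode them itself. The following decoder is an added example, not code from Elastic or from the WinNat provider. It assumes that each blob is a raw SOCKADDR_IN (16 bytes) or SOCKADDR_IN6 (28 bytes) whose length is the AddrLen field preceding it, that the fields are packed in the manifest order above with UInt32 values little-endian, and that TransportProtocol carries the IANA protocol number (6 = TCP, 17 = UDP); the TcpSessionState value map is not on this page, so the decoder passes that integer through unchanged. The sample payload is constructed, not a captured event.

```python
import ipaddress
import struct
from dataclasses import dataclass

AF_INET = 2    # Windows AF_INET
AF_INET6 = 23  # Windows AF_INET6

# Assumption: TransportProtocol is the IANA protocol number.
PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}


@dataclass(frozen=True)
class SocketAddress:
    family: int
    address: str
    port: int

    def __str__(self) -> str:
        host = f"[{self.address}]" if self.family == AF_INET6 else self.address
        return f"{host}:{self.port}"


def decode_socket_address(buf: bytes) -> SocketAddress:
    """Decode a win:SocketAddress blob as SOCKADDR_IN or SOCKADDR_IN6.

    sa_family is in host (little-endian) order; the port is in network order.
    """
    if len(buf) < 2:
        raise ValueError("socket address blob too short")
    (family,) = struct.unpack_from("<H", buf, 0)
    if family == AF_INET:
        if len(buf) < 8:
            raise ValueError("SOCKADDR_IN too short")
        (port,) = struct.unpack_from("!H", buf, 2)
        return SocketAddress(family, str(ipaddress.IPv4Address(buf[4:8])), port)
    if family == AF_INET6:
        if len(buf) < 28:
            raise ValueError("SOCKADDR_IN6 too short")
        (port,) = struct.unpack_from("!H", buf, 2)
        addr = str(ipaddress.IPv6Address(buf[8:24]))
        (scope_id,) = struct.unpack_from("<I", buf, 24)  # follows flowinfo + address
        if scope_id:
            addr = f"{addr}%{scope_id}"
        return SocketAddress(family, addr, port)
    raise ValueError(f"unsupported address family {family}")


def decode_event_1001(data: bytes) -> dict:
    """Walk the event data in manifest field order; reject truncated or oversized input."""
    off = 0

    def u32() -> int:
        nonlocal off
        if off + 4 > len(data):
            raise ValueError("truncated event data")
        (value,) = struct.unpack_from("<I", data, off)
        off += 4
        return value

    def blob(length: int) -> bytes:
        nonlocal off
        if off + length > len(data):
            raise ValueError("truncated event data")
        chunk = data[off:off + length]
        off += length
        return chunk

    fields = {}
    fields["InternalAddrLen"] = n = u32()
    fields["InternalSrcAddr"] = decode_socket_address(blob(n))  # assumed length: InternalAddrLen
    fields["InternalDstAddr"] = decode_socket_address(blob(n))
    fields["ExternalAddrLen"] = n = u32()
    fields["ExternalSrcAddr"] = decode_socket_address(blob(n))  # assumed length: ExternalAddrLen
    fields["ExternalDstAddr"] = decode_socket_address(blob(n))
    fields["TransportProtocol"] = u32()
    fields["Lifetime"] = u32()
    fields["TcpSessionState"] = u32()
    fields["InternalCompartmentId"] = u32()
    if off != len(data):
        raise ValueError(f"{len(data) - off} trailing bytes after last field")
    return fields


def render_message(f: dict) -> str:
    """Fill the event's message template with the decoded fields."""
    proto = PROTOCOL_NAMES.get(f["TransportProtocol"], str(f["TransportProtocol"]))
    return (
        f"{proto} session created. "
        f"Internal source transport addr: {f['InternalSrcAddr']} "
        f"(CompartmentId {f['InternalCompartmentId']}), "
        f"Internal dest transport addr: {f['InternalDstAddr']}, "
        f"External source transport addr {f['ExternalSrcAddr']}, "
        f"External dest transport addr {f['ExternalDstAddr']}, "
        f"Lifetime: {f['Lifetime']} seconds, "
        f"TcpState:{f['TcpSessionState']}"
    )


def encode_sockaddr_in(address: str, port: int) -> bytes:
    """Build a 16-byte SOCKADDR_IN (used only to construct the sample event)."""
    return (struct.pack("<H", AF_INET) + struct.pack("!H", port)
            + ipaddress.IPv4Address(address).packed + bytes(8))


def sample_event() -> bytes:
    """Constructed payload: a TCP session from 172.16.0.5 translated behind 192.0.2.7."""
    internal = encode_sockaddr_in("172.16.0.5", 49152) + encode_sockaddr_in("203.0.113.10", 443)
    external = encode_sockaddr_in("192.0.2.7", 61000) + encode_sockaddr_in("203.0.113.10", 443)
    tail = struct.pack("<IIII", 6, 120, 2, 1)  # TCP, 120 s lifetime, TcpState 2, compartment 1
    return struct.pack("<I", 16) + internal + struct.pack("<I", 16) + external + tail


if __name__ == "__main__":
    print(render_message(decode_event_1001(sample_event())))
```

The length checks matter in practice: a decoder that trusts InternalAddrLen without bounding it against the remaining buffer will read past the event payload on a malformed or truncated record, and a blob shorter than the family implies should be rejected rather than silently decoded as a zero address.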

Observed Windows Versions:

Version: 1

Fingerprint: JSWDNH2FHAU3U