Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1009

Message:

Translating %{TransportProtocol} packet from %{IncomingSrcAddr}:%{IncomingDstAddr} to %{TranslatedSrcAddr}:%{TranslatedDstAddr}, IPID:%{Identification}. Status: %{Status}, IcmpType: %{IcmpType}, IcmpCode: %{IcmpCode}, IcmpErrorPayload: %{IcmpPayload}

Event Data:

#   Name               In Type      Out Type
1   IncomingAddrLen    win:UInt32   xs:unsignedInt
2   IncomingSrcAddr    win:Binary   win:SocketAddress
3   IncomingDstAddr    win:Binary   win:SocketAddress
4   TranslatedAddrLen  win:UInt32   xs:unsignedInt
5   TranslatedSrcAddr  win:Binary   win:SocketAddress
6   TranslatedDstAddr  win:Binary   win:SocketAddress
7   Identification     win:UInt32   xs:unsignedInt
8   TransportProtocol  win:UInt32   xs:unsignedInt
9   Status             win:UInt32   win:NTStatus
10  IcmpType           win:UInt32   xs:unsignedInt
11  IcmpCode           win:UInt32   xs:unsignedInt
12  IcmpPayload        win:Boolean  xs:boolean

Observed Windows Versions:

Version: 0

Fingerprint: O6OGLZUU2HSNQ