Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1010

Message:

Nat Instance %{InstanceName} %{Action} Status: %{Status}.UdpIdleSessionTimeout: %{UdpIdleSessionTimeout} sec, TcpTransientConnectionTimeout: %{TcpTransientConnectionTimeout}, TcpEstablishedConnectionTimeout: %{TcpEstablishedConnectionTimeout}, IcmpQueryTimeout: %{IcmpQueryTimeout}, TcpFilteringBehavior: %{TcpFilteringBehavior}, UdpFilteringBehavior: %{UdpFilteringBehavior}, UdpInboundRefresh: %{UdpInboundRefresh}, Enabled: %{Enabled}

Event Data:

#   Name                             In Type            Out Type
1   InstanceName                     win:UnicodeString  xs:string
2   UdpIdleSessionTimeout            win:UInt32         xs:unsignedInt
3   TcpTransientConnectionTimeout    win:UInt32         xs:unsignedInt
4   TcpEstablishedConnectionTimeout  win:UInt32         xs:unsignedInt
5   IcmpQueryTimeout                 win:UInt32         xs:unsignedInt
6   TcpFilteringBehavior             win:UInt32         xs:unsignedInt
7   UdpFilteringBehavior             win:UInt32         xs:unsignedInt
8   UdpInboundRefresh                win:Boolean        xs:boolean
9   Enabled                          win:Boolean        xs:boolean
10  Status                           win:UInt32         win:NTStatus
11  Action                           win:UInt32         xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: BL3CPEMS3GO5M