Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1011

Message:

Packet filter %{Action} Status: %{Status}. Instance: %{InstanceName}, SrcPrefix: %{InternalSrcPrefix}, SrcPrefixLength: %{InternalSrcPrefixLength}, DstPrefix: %{InternaDstlPrefix}, DstPrefixLength: %{InternalDstPrefixLength}, Ipv4Prefix: %{IPv4Prefix}, Ipv4PrefixLength: %{IPv4PrefixLength}, Nat64: %{Nat64}, InterfaceLuid: %{InterfaceLuid}

Event Data:

#   Name                      In Type            Out Type
1   InstanceName              win:UnicodeString  xs:string
2   InternalPrefixAddrLength  win:UInt32         xs:unsignedInt
3   InternalSrcPrefix         win:Binary         win:SocketAddress
4   InternalSrcPrefixLength   win:UInt32         xs:unsignedInt
5   InternaDstlPrefix         win:Binary         win:SocketAddress
6   InternalDstPrefixLength   win:UInt32         xs:unsignedInt
7   IPv4Prefix                win:UInt32         win:IPv4
8   IPv4PrefixLength          win:UInt32         xs:unsignedInt
9   Nat64                     win:Boolean        xs:boolean
10  InterfaceLuid             win:UInt64         xs:unsignedLong
11  FilterId                  win:UInt64         xs:unsignedLong
12  Action                    win:UInt32         xs:unsignedInt
13  Status                    win:UInt32         win:NTStatus

Observed Windows Versions:

Version: 0

Fingerprint: HTCQ477J53FSQ