Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1024

Message:

Added external address %{IPAddress}:%{PortStart}-%{PortEnd} to NAT instance %{InstanceName}

Event Data:

# Name In Type
Out Type
1 InstanceName win:UnicodeString xs:string
2 AddressLength win:UInt32 xs:unsignedInt
3 IPAddress win:Binary win:SocketAddress
4 PortStart win:UInt16 xs:unsignedShort
5 PortEnd win:UInt16 xs:unsignedShort

Observed Windows Versions:

Version: 0

Fingerprint: TUV72DZQ3XDW2