Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1025

Message:

Removed external address %{IPAddress}:%{PortStart}-%{PortEnd} from NAT instance %{InstanceName}

Event Data:

# Name In Type
Out Type
1 InstanceName win:UnicodeString xs:string
2 AddressLength win:UInt32 xs:unsignedInt
3 IPAddress win:Binary win:SocketAddress
4 PortStart win:UInt16 xs:unsignedShort
5 PortEnd win:UInt16 xs:unsignedShort

Observed Windows Versions:

Version: 0

Fingerprint: 2LNIWSPJYQ2EC