Elastic Windows Event Explorer


Publisher - Microsoft-Windows-WinNat

Event ID 1027

Message:

Added static mapping %{TransportProtocol} %{ExternalTransportAddress} > %{InternalTransportAddress} (CompartmentId %{CompartmentId}) to NAT instance %{InstanceName} (%{MappingType} %{RemoteAddressPrefix}/%{RemoteAddressPrefixLength})

Event Data:

# Name In Type
Out Type
1 InstanceName win:UnicodeString xs:string
2 TransportProtocol win:UInt32 xs:unsignedInt
3 MappingType win:UInt32 xs:unsignedInt
4 AddressLength win:UInt32 xs:unsignedInt
5 ExternalTransportAddress win:Binary win:SocketAddress
6 InternalTransportAddress win:Binary win:SocketAddress
7 InternalRoutingDomainId win:GUID xs:GUID
8 CompartmentId win:UInt32 xs:unsignedInt
9 RemoteAddressPrefix win:Binary win:SocketAddress
10 RemoteAddressPrefixLength win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: VDXHTLC6KKBIA