Microsoft-Windows-Base-Filtering-Engine-Connections

2 events across 1 channel

Event ID  Title              Channel
2000      New Connection     Operational
2001      Connection Closed  Operational

Event ID 2000 — New Connection

Provider: Microsoft-Windows-Base-Filtering-Engine-Connections
Channel: Operational
Opcode: Info

Description

New Connection.

Message

New Connection

Fields

Name Description
ConnectionId UInt64
MachineAuthenticationMethod UInt32
RemoteMachineAccount UnicodeString
UserAuthenticationMethod UInt32
RemoteUserAcount UnicodeString
RemoteIPAddress UnicodeString
LocalIPAddress UnicodeString
TechnologyProviderKey GUID
IPsecTrafficMode UInt32
DHGroup UInt32
StartTime SYSTEMTIME

Event ID 2001 — Connection Closed

Provider: Microsoft-Windows-Base-Filtering-Engine-Connections
Channel: Operational
Opcode: Info

Description

Connection Closed.

Message

Connection Closed

Fields

Name Description
ConnectionId UInt64
MachineAuthenticationMethod UInt32
RemoteMachineAccount UnicodeString
UserAuthenticationMethod UInt32
RemoteUserAcount UnicodeString
RemoteIPAddress UnicodeString
LocalIPAddress UnicodeString
TechnologyProviderKey GUID
IPsecTrafficMode UInt32
BytesTransferredInbound UInt64
BytesTransferredOutbound UInt64
BytesTransferredTotal UInt64
StartTime SYSTEMTIME
CloseTime SYSTEMTIME