Microsoft-Windows-Diagnosis-Scheduled
20 events across 1 channel
Event ID 1 — The scheduled diagnostic task has detected a change in state for a check registered in Security and Maintenance.
Message
Event ID 2 — Scheduled diagnostics have started.
Message
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 2
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:09.731501+00:00'
  event_record_id: 1
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4168
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data: {}
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3 — Scheduled diagnostics have been completed.
Message
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 3
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:22.892108+00:00'
  event_record_id: 7
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data: {}
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4 — Scheduled diagnostics have been disabled.
Message
Event ID 5 — The scheduled diagnostic task has started initializing a diagnostic package.
Message
Fields
| Name | Description |
|---|---|
| PackagePath | — |
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 5
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:09.738416+00:00'
  event_record_id: 2
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  PackagePath: C:\Windows\diagnostics\scheduled\Maintenance
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 6 — The scheduled diagnostic task has completed initialization of a diagnostic package.
Message
Fields
| Name | Description |
|---|---|
| PackageID | — |
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 6
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:10.133702+00:00'
  event_record_id: 3
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  PackageID: MaintenanceDiagnostic
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 7 — The scheduled diagnostic task has started troubleshooting a diagnostic package.
Message
Fields
| Name | Description |
|---|---|
| PackageID | — |
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 7
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:10.133704+00:00'
  event_record_id: 4
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  PackageID: MaintenanceDiagnostic
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 8 — The scheduled diagnostic task has completed troubleshooting a diagnostic package.
Message
Fields
| Name | Description |
|---|---|
| PackageID | — |
| RootCauseCount | — |
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 8
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372071214514176
  time_created: '2022-04-04T07:40:22.888106+00:00'
  event_record_id: 5
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  PackageID: MaintenanceDiagnostic
  RootCauseCount: 2
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 9 — The scheduled diagnostic task has detected a root cause.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
| RootCauseName | — |
| RootCauseDescription | — |
Event ID 10 — The scheduled diagnostic task has started resolving a detected root cause.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
| ResolutionID | — |
Event ID 11 — The scheduled diagnostic task has completed resolving a detected root cause.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
| ResolutionID | — |
Event ID 12 — The scheduled diagnostic task has started verifying the fix applied for a detected root cause.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
Event ID 13 — The scheduled diagnostic task has determined that the root cause no longer exists.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
Event ID 14 — The scheduled diagnostic task has determined that the root cause continues to exist.
Message
Fields
| Name | Description |
|---|---|
| RootCauseID | — |
Event ID 15 — The scheduled diagnostic task has encountered an error.
Message
Fields
| Name | Description |
|---|---|
| PackageID | — |
| ErrorCode | — |
Event ID 96 — TEST: One or more rootcauses were detected and a package wide notification was raised.
Message
Fields
| Name | Description |
|---|---|
| hc_stateid | — |
| Data1 | — |
| Data2 | — |
Event ID 97 — TEST: No rootcauses were detected and a package wide reset notification was raised.
Message
Fields
| Name | Description |
|---|---|
| hc_stateid | — |
Event ID 98 — TEST: A rootcause was detected and a rootcause wide notification was raised.
Message
Fields
| Name | Description |
|---|---|
| hc_stateid | — |
| Data1 | — |
| Data2 | — |
Event ID 99 — TEST: A root cause does not exist and a root cause reset notification was raised.
Message
Fields
| Name | Description |
|---|---|
| hc_stateid | — |
Event ID 100 — System maintenance detected issues requiring your attention.
Message
Fields
| Name | Description |
|---|---|
| hc_stateid | — |
Example Event
system:
  provider: Microsoft-Windows-Diagnosis-Scheduled
  guid: 40AB57C2-1C53-4DF9-9324-FF7CF898A02C
  event_source_name: ''
  event_id: 100
  version: 0
  level: 1
  task: 0
  opcode: 0
  keywords: 9223372054034644992
  time_created: '2022-04-04T07:40:22.888110+00:00'
  event_record_id: 6
  correlation: {}
  execution:
    process_id: 4124
    thread_id: 4192
  channel: Microsoft-Windows-Diagnosis-Scheduled/Operational
  computer: WIN-TKC15D7KHUR
  security:
    user_id: S-1-5-21-1958040314-2592322477-2606035944-500
event_data:
  hc_stateid: 0
message: ''
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline