Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-HttpEvent
  guid: '{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}'
  event_source_name: HTTP
  event_id: 15007
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:31:04.679734+00:00'
  event_record_id: 1020
  correlation: {}
  execution:
    process_id: 4
    thread_id: 128
  channel: System
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  DeviceObject: ''
  Url: https://+:3392/rdp/
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-HttpEvent
  guid: '{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}'
  event_source_name: HTTP
  event_id: 15008
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2022-04-07T08:30:58.023418+00:00'
  event_record_id: 1014
  correlation: {}
  execution:
    process_id: 4
    thread_id: 268
  channel: System
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data:
  DeviceObject: ''
  Url: https://+:3392/rdp/
message: ''

References

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Message

Reservation for namespace identified by URL prefix %2 was successfully added.

Fields

Message

Reservation for namespace identified by URL prefix %2 was successfully deleted.

Fields

Message

Unable to convert all entries on IP Listen-Only list.  Driver will listen on all available interfaces.

Message

The host %2 has gone down as a result of the change in the IP Listen-Only list.

Fields

Message

The host %2 has come up as a result of the change in the IP Listen-Only list.

Fields

Message

SSL Certificate Settings deleted for endpoint : %2 .

Fields

Message

SSL Certificate Settings created by an admin process for endpoint : %2 .

Fields

Message

SSL Certificate Settings updated by an admin process for endpoint : %2 .

Fields

Message

Unable to create log file %2. Make sure that the logging directory is correct and this computer has write access to that directory.

Fields

Message

Unable to create the log file for site W3SVC%2. Make sure that the logging directory for the site is correct and this computer has write access to that directory.

Fields

Message

Unable to write to the log file %2 for site W3SVC%3. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields

Message

Unable to create the centralized binary log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Message

Unable to write to the centralized binary log file %2. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields

Message

Unable to bind to the underlying transport for %2. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Fields

Message

Owner of the log file or directory %2 is invalid. This could be because another user has already created the log file or the directory.

Fields

Message

An error occurred while initializing namespace reservations.  The error status code is contained within the returned data.

Message

An error occured while initializing namespace reservation identified by URL prefix %2.  The error status code is contained within the returned data.

Fields

Message

Unable to create the error log file. Make sure that the error logging directory is correct.

Message

Unable to write to the error log file. Disk may be full. The data field contains the error number.

Message

Error logging configuration failed. The data field contains the error number.

Message

Unable to convert IP Listen-Only list entry %2.  The data field contains the error number.

Fields

Message

Unable to initialize the security package %2 for server side authentication.  The data field contains the error number.

Fields

Message

Unable to create the centralized W3C log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Message

Unable to write to the centralized W3C log file %2. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields

Message

The host {Host} has gone down as a result of the change in the IP Listen-Only list.

Fields

Message

The host {Host} has come up as a result of the change in the IP Listen-Only list.

Fields

Message

An error occurred while using SSL configuration for endpoint %2.  The error status code is contained within the returned data.

Fields

Message

Http.sys failed to process a CPU hot-add event. Status: %2.

Fields