Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-HttpEvent",
    "guid": "{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}",
    "event_source_name": "HTTP",
    "event_id": 15007,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T08:31:04.679734+00:00",
    "event_record_id": 1020,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 128
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "DeviceObject": "",
    "Url": "https://+:3392/rdp/"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-HttpEvent",
    "guid": "{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}",
    "event_source_name": "HTTP",
    "event_id": 15008,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T08:30:58.023418+00:00",
    "event_record_id": 1014,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 268
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "DeviceObject": "",
    "Url": "https://+:3392/rdp/"
  },
  "message": ""
}

References #

• Example event sourced from https://github.com/NextronSystems/evtx-baseline

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-HttpEvent",
    "guid": "{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}",
    "event_source_name": "HTTP",
    "event_id": 15300,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2026-03-13T23:13:38.970375+00:00",
    "event_record_id": 12418,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 3408
    },
    "channel": "System",
    "computer": "LAB-DC01.ludus.domain",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "DeviceObject": "",
    "Endpoint": "adfs.ludus.domain:443"
  },
  "message": ""
}

Fields #

Fields #

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-HttpEvent",
    "guid": "{7b6bc78c-898b-4170-bbf8-1a469ea43fc5}",
    "event_source_name": "HTTP",
    "event_id": 15301,
    "version": 0,
    "level": 3,
    "task": 0,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2025-12-31T19:35:47.955598+00:00",
    "event_record_id": 421,
    "correlation": {},
    "execution": {
      "process_id": 4,
      "thread_id": 356
    },
    "channel": "System",
    "computer": "WIN11-22H2-X64",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "DeviceObject": "",
    "Endpoint": "0.0.0.0:5986"
  },
  "message": ""
}

Fields #

Description

Reservation for namespace identified by URL prefix Url was successfully added.

Message #

Reservation for namespace identified by URL prefix %2 was successfully added.

Fields #

Description

Reservation for namespace identified by URL prefix Url was successfully deleted.

Message #

Reservation for namespace identified by URL prefix %2 was successfully deleted.

Fields #

Description

Unable to convert all entries on IP Listen-Only list. Driver will listen on all available interfaces.

Message #

Unable to convert all entries on IP Listen-Only list.  Driver will listen on all available interfaces.

Description

The host Host has gone down as a result of the change in the IP Listen-Only list.

Message #

The host %2 has gone down as a result of the change in the IP Listen-Only list.

Fields #

Description

The host Host has come up as a result of the change in the IP Listen-Only list.

Message #

The host %2 has come up as a result of the change in the IP Listen-Only list.

Fields #

Description

SSL Certificate Settings deleted for endpoint : Endpoint .

Message #

SSL Certificate Settings deleted for endpoint : %2 .

Fields #

Description

SSL Certificate Settings created by an admin process for endpoint : Endpoint .

Message #

SSL Certificate Settings created by an admin process for endpoint : %2 .

Fields #

Description

SSL Certificate Settings updated by an admin process for endpoint : Endpoint .

Message #

SSL Certificate Settings updated by an admin process for endpoint : %2 .

Fields #

Description

Unable to create log file LogFile. Make sure that the logging directory is correct and this computer has write access to that directory.

Message #

Unable to create log file %2. Make sure that the logging directory is correct and this computer has write access to that directory.

Fields #

Description

Unable to create the log file for site W3SVCSiteId. Make sure that the logging directory for the site is correct and this computer has write access to that directory.

Message #

Unable to create the log file for site W3SVC%2. Make sure that the logging directory for the site is correct and this computer has write access to that directory.

Fields #

Description

Unable to write to the log file LogFile for site W3SVCSiteId. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Message #

Unable to write to the log file %2 for site W3SVC%3. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields #

Description

Unable to create the centralized binary log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Message #

Unable to create the centralized binary log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Description

Unable to write to the centralized binary log file LogFile. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Message #

Unable to write to the centralized binary log file %2. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields #

Description

Unable to bind to the underlying transport for Address. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

Message #

Unable to bind to the underlying transport for %2. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.

Fields #

Description

Owner of the log file or directory Directory is invalid. This could be because another user has already created the log file or the directory.

Message #

Owner of the log file or directory %2 is invalid. This could be because another user has already created the log file or the directory.

Fields #

Description

An error occurred while initializing namespace reservations. The error status code is contained within the returned data.

Message #

An error occurred while initializing namespace reservations.  The error status code is contained within the returned data.

Description

An error occured while initializing namespace reservation identified by URL prefix Url. The error status code is contained within the returned data.

Message #

An error occured while initializing namespace reservation identified by URL prefix %2.  The error status code is contained within the returned data.

Fields #

Description

Unable to create the error log file. Make sure that the error logging directory is correct.

Message #

Unable to create the error log file. Make sure that the error logging directory is correct.

Description

Unable to write to the error log file. Disk may be full. The data field contains the error number.

Message #

Unable to write to the error log file. Disk may be full. The data field contains the error number.

Description

Error logging configuration failed. The data field contains the error number.

Message #

Error logging configuration failed. The data field contains the error number.

Description

Unable to convert IP Listen-Only list entry Address. The data field contains the error number.

Message #

Unable to convert IP Listen-Only list entry %2.  The data field contains the error number.

Fields #

Description

Unable to initialize the security package SecurityPackage for server side authentication. The data field contains the error number.

Message #

Unable to initialize the security package %2 for server side authentication.  The data field contains the error number.

Fields #

Description

Unable to create the centralized W3C log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Message #

Unable to create the centralized W3C log file. Make sure that the logging directory is correct and this computer has write access to that directory.

Description

Unable to write to the centralized W3C log file LogFile. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Message #

Unable to write to the centralized W3C log file %2. Disk may be full. If this is a network path, make sure that network connectivity is not broken.

Fields #

Description

The host {Host} has gone down as a result of the change in the IP Listen-Only list.

Message #

The host {Host} has gone down as a result of the change in the IP Listen-Only list.

Fields #

Description

The host {Host} has come up as a result of the change in the IP Listen-Only list.

Message #

The host {Host} has come up as a result of the change in the IP Listen-Only list.

Fields #

Description

An error occurred while using SSL configuration for endpoint Endpoint. The error status code is contained within the returned data.

Message #

An error occurred while using SSL configuration for endpoint %2.  The error status code is contained within the returned data.

Fields #

Description

Http.sys failed to process a CPU hot-add event. Status: Status.

Message #

Http.sys failed to process a CPU hot-add event. Status: %2.

Fields #