Microsoft-Windows-Kernel-Audit-API-Calls

8 events across 1 channel

Event ID	Title	Channel
1		Operational
2		Operational
3		Operational
4		Operational
5		Operational
6		Operational
7		Operational
8		Operational

Event ID 1 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`NotifyRoutineAddress`	—
`ReturnCode`	—

Event ID 2 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`TargetProcessId`	—
`ReturnCode`	—
`TargetProcessStartKey`	—
`TargetProcessCreationTime`	—

Event ID 3 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`LinkSourceName`	—
`LinkTargetName`	—
`DesiredAccess`	—
`ReturnCode`	—

Event ID 4 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`ReturnCode`	—

Event ID 5 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`TargetProcessId`	—
`DesiredAccess`	—
`ReturnCode`	—

Event ID 6 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`TargetProcessId`	—
`TargetThreatId`	—
`DesiredAccess`	—
`ReturnCode`	—

Event ID 7 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`DriverName`	—
`ReturnCode`	—

Event ID 8 —

Provider: Microsoft-Windows-Kernel-Audit-API-Calls
Channel: Operational

Fields

Name	Description
`DriverName`	—
`ReturnCode`	—