Microsoft-Windows-NetworkProfile
18 events across 2 channels
Event ID 4001 — Entered State: CurrentOrNextState Interface Guid: InterfaceGuid.
Description
Entered State: CurrentOrNextState Interface Guid: InterfaceGuid.
Message
Fields
| Name | Type | Description |
|---|---|---|
| InterfaceGuid | GUID | — |
| CurrentOrNextState | UInt8 | Entered State. |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 4001,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 1,
    "keywords": 4611721202799476736,
    "time_created": "2023-11-06T06:25:40.457207+00:00",
    "event_record_id": 102,
    "correlation": {
      "ActivityID": "F590C418-1079-0000-E6C4-90F57910DA01"
    },
    "execution": {
      "process_id": 1696,
      "thread_id": 2248
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "InterfaceGuid": "8E4162AD-6500-4899-BA95-24051405E207",
    "CurrentOrNextState": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4002 — Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.
Description
Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.
Message
Fields
| Name | Type | Description |
|---|---|---|
| InterfaceGuid | GUID | — |
| CurrentOrNextState | UInt8 | Transitioning to State. |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 4002,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 2,
    "keywords": 4612002677776187392,
    "time_created": "2023-11-06T06:25:44.677567+00:00",
    "event_record_id": 107,
    "correlation": {
      "ActivityID": "F590C418-1079-0000-E6C4-90F57910DA01"
    },
    "execution": {
      "process_id": 1696,
      "thread_id": 2248
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "InterfaceGuid": "8E4162AD-6500-4899-BA95-24051405E207",
    "CurrentOrNextState": 1
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4003 — Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.
Description
Transitioning to State: CurrentOrNextState Interface Guid: InterfaceGuid.
Message
Fields
| Name | Type | Description |
|---|---|---|
| InterfaceGuid | GUID | — |
| CurrentOrNextState | UInt8 | Transitioning to State. |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 4003,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 2,
    "keywords": 4612002677776187392,
    "time_created": "2023-10-26T04:21:55.694878+00:00",
    "event_record_id": 8,
    "correlation": {
      "ActivityID": "DE03B784-07C3-0000-2AB9-03DEC307DA01"
    },
    "execution": {
      "process_id": 1664,
      "thread_id": 2128
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "InterfaceGuid": "8E4162AD-6500-4899-BA95-24051405E207",
    "CurrentOrNextState": 2
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 4004 — Network State Change Fired.
Description
Network State Change Fired.
Message
Fields
| Name | Type | Description |
|---|---|---|
| NewInternetConnectionProfile | Boolean | — |
| ConnectionCostChanged | Boolean | — |
| DomainConnectivityLevelChanged | Boolean | — |
| NetworkConnectivityLevelChanged | Boolean | — |
| HostNameChanged | Boolean | — |
| WwanRegistrationStateChanged | Boolean | — |
| TetheringOperationalStateChanged | Boolean | — |
| TetheringClientCountChanged | Boolean | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 4004,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T06:25:52.523004+00:00",
    "event_record_id": 109,
    "correlation": {},
    "execution": {
      "process_id": 1696,
      "thread_id": 2332
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "NewInternetConnectionProfile": true,
    "ConnectionCostChanged": true,
    "DomainConnectivityLevelChanged": false,
    "NetworkConnectivityLevelChanged": true,
    "HostNameChanged": true,
    "WwanRegistrationStateChanged": false,
    "TetheringOperationalStateChanged": false,
    "TetheringClientCountChanged": false
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 10000 — Network Connected.
Description
Network Connected.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Name | UnicodeString | — |
| Description | UnicodeString | Desc. |
| Guid | GUID | — |
| Type | UInt32 | — |
| State | UInt32 | — |
| Category | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 10000,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611721202799476768,
    "time_created": "2023-11-06T06:25:44.690058+00:00",
    "event_record_id": 108,
    "correlation": {
      "ActivityID": "F590C418-1079-0000-E6C4-90F57910DA01"
    },
    "execution": {
      "process_id": 1696,
      "thread_id": 2248
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "Name": "Network",
    "Description": "Network",
    "Guid": "CCBFAED0-A06E-421D-B45F-1132A0A2ED94",
    "Type": 0,
    "State": 1,
    "Category": 0
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 10001 — Network Disconnected.
Description
Network Disconnected.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Name | UnicodeString | — |
| Description | UnicodeString | Desc. |
| Guid | GUID | — |
| Type | UInt32 | — |
| State | UInt32 | — |
| Category | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 10001,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611721202799476768,
    "time_created": "2022-04-07T08:38:26.093764+00:00",
    "event_record_id": 37,
    "correlation": {},
    "execution": {
      "process_id": 1616,
      "thread_id": 5536
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-19"
    }
  },
  "event_data": {
    "Name": "Network",
    "Description": "Network",
    "Guid": "D055742A-B396-408F-8F43-BE8015437E49",
    "Type": 0,
    "State": 2,
    "Category": 1
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 10002 — Network Category Changed.
Description
Network Category Changed.
Message
Fields
| Name | Type | Description |
|---|---|---|
| Name | UnicodeString | — |
| Description | UnicodeString | Desc. |
| Guid | GUID | — |
| Type | UInt32 | — |
| State | UInt32 | — |
| Category | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 10002,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611721202799476768,
    "time_created": "2023-10-25T21:24:15.431361+00:00",
    "event_record_id": 15,
    "correlation": {
      "ActivityID": "DE03B784-07C3-0001-12DB-03DEC307DA01"
    },
    "execution": {
      "process_id": 1664,
      "thread_id": 1716
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDevEval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "Name": "Unidentified network",
    "Description": "Unidentified network",
    "Guid": "D96782F8-AD48-42CC-BA6F-1DE099772EC0",
    "Type": 0,
    "State": 5,
    "Category": 1
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 10003 — Posting Network Connected Event Type: Posting_Network_Connected_Event_Type.
Event ID 10004 — Posted Network Connected Event Type: Posted_Network_Connected_Event_Type.
Event ID 10005 — Posting Network Profile Event Type: Posting_Network_Profile_Event_Type.
Event ID 10006 — Posted Network Profile Event Type: Posted_Network_Profile_Event_Type.
Event ID 10007 — Posting Network Disconnected Event Type: Posting_Network_Disconnected_Event_Type.
Event ID 10008 — Posted Network Disconnected Event Type: Posted_Network_Disconnected_Event_Type.
Event ID 20001 — NLM service initialization failed (error=ErrorCode).
Event ID 20002 — NSI Set Category Result.
Description
NSI Set Category Result.
Message
Fields
| Name | Type | Description |
|---|---|---|
| ProfileGuid | GUID | — |
| InterfaceGuid | GUID | — |
| Category | UInt32 | Network Category. |
| ErrorCodev4 | Int32 | IPv4 Error Code. |
| ErrorCodev6 | Int32 | IPv6 Error Code. |
| Context | UInt32 | — |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-NetworkProfile",
    "guid": "FBCFAC3F-8459-419F-8E48-1F0B49CDB85E",
    "event_source_name": "",
    "event_id": 20002,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 4611686018427387936,
    "time_created": "2023-11-06T06:25:40.464277+00:00",
    "event_record_id": 105,
    "correlation": {},
    "execution": {
      "process_id": 1696,
      "thread_id": 2180
    },
    "channel": "Microsoft-Windows-NetworkProfile/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "ProfileGuid": "FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF",
    "InterfaceGuid": "8E4162AD-6500-4899-BA95-24051405E207",
    "Category": 0,
    "ErrorCodev4": 0,
    "ErrorCodev6": 0,
    "Context": 3391
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 20003 —
Fields
| Name | Type | Description |
|---|---|---|
| InternetPresent | Boolean | — |
| WnfStatusCode | UInt32 | — |
Event ID 20004 —
Fields
| Name | Type | Description |
|---|---|---|
| FreeNetworkPresent | Boolean | — |
| WnfStatusCode | UInt32 | — |