- Provider
- Microsoft-Windows-PowerShell
- Channel
- Operational
- Level
- Warning
- Task
- None
- Opcode
- To be used when an exception is raised
Message
%3
Context:
%1
User Data:
%2
Example Event
{
"system": {
"provider": "Microsoft-Windows-PowerShell",
"guid": "A0C1853B-5C40-4B15-8766-3CF1C58F985A",
"event_source_name": "",
"event_id": 4102,
"version": 1,
"level": 3,
"task": 106,
"opcode": 19,
"keywords": 0,
"time_created": "2023-10-25T21:34:05.630892+00:00",
"event_record_id": 11,
"correlation": {
"ActivityID": "DE03B784-07C3-0001-BC98-04DEC307DA01"
},
"execution": {
"process_id": 1796,
"thread_id": 2088
},
"channel": "Microsoft-Windows-PowerShell/Operational",
"computer": "WinDevEval",
"security": {
"user_id": "S-1-5-21-2533829718-189860685-2477588761-500"
}
},
"event_data": {
"ContextInfo": " Severity = Warning\r\n Host Name = ConsoleHost\r\n Host Version = 5.1.22621.2428\r\n Host ID = d4db7522-7ab1-46f8-add0-ee6f22c6c812\r\n Host Application = C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ExecutionPolicy Bypass a:\\FixPublicNetworkType.ps1\r\n Engine Version = 5.1.22621.2428\r\n Runspace ID = c5b2be04-de37-4a47-bfdd-d75d2d714efd\r\n Pipeline ID = 1\r\n Command Name = \r\n Command Type = \r\n Script Name = \r\n Command Path = \r\n Sequence Number = 16\r\n User = WINDEVEVAL\\Administrator\r\n Connected User = \r\n Shell ID = Microsoft.PowerShell\r\n",
"UserData": "",
"Payload": "Error Message = Could not find the drive 'a:\\'. The drive might not be ready or might not be mapped.\r\n\r\nProvider name = Microsoft.PowerShell.Core\\FileSystem\r\n"
},
"message": ""
}