Event ID 131 — The server accepted a new ConnType connection from client ClientIP.

Provider: Microsoft-Windows-RemoteDesktopServices-RdpCoreTS
Channel: Operational
Level: Informational
Task: RemoteFXmodule_4
Opcode: EstablishConnection

Description

The server accepted a new ConnType connection from client ClientIP.

Message #

The server accepted a new %1 connection from client %2.

Fields #

Name	Description
`ConnType` UnicodeString	—
`ClientIP` UnicodeString	—

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS",
    "guid": "1139C61B-B549-4251-8ED3-27250A1EDEC8",
    "event_source_name": "",
    "event_id": 131,
    "version": 0,
    "level": 4,
    "task": 4,
    "opcode": 15,
    "keywords": 4611686018427387904,
    "time_created": "2020-11-13T11:09:07.084053Z",
    "event_record_id": 12551,
    "correlation": {
      "#attributes": {
        "ActivityID": "F4207C37-D7A8-4A5E-9A35-4E79CAA60000"
      }
    },
    "execution": {
      "process_id": 388,
      "thread_id": 1292
    },
    "channel": "Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational",
    "computer": "MSEDGEWIN10",
    "security": {
      "user_id": "S-1-5-20"
    }
  },
  "event_data": {
    "ConnType": "TCP",
    "ClientIP": "10.0.2.16:52202"
  }
}

References #

Example event sourced from https://github.com/NextronSystems/evtx-baseline