Microsoft-Windows-RPC-Audit

2 events across 1 channel

Event ID	Title	Channel
1		Operational
2		Operational

Event ID 1 —

Provider: Microsoft-Windows-RPC-Audit
Channel: Operational

Fields

Name	Description
`InterfaceUuid`	—
`OpNum`	—
`SubjectUserSid`	—
`SubjectLogonId`	—
`LocalIpAddressLength`	—
`LocalIpAddress`	—
`RemoteIpAddressLength`	—
`RemoteIpAddress`	—
`ProtocolSequence`	—
`AuthenticationService`	—
`AuthenticationLevel`	—
`Endpoint`	—
`RemoteHost`	—
`BufferSize`	—
`Buffer`	—

Event ID 2 —

Provider: Microsoft-Windows-RPC-Audit
Channel: Operational

Fields

Name	Description
`InterfaceUuid`	—
`OpNum`	—
`SubjectUserSid`	—
`SubjectLogonId`	—
`LocalIpAddressLength`	—
`LocalIpAddress`	—
`RemoteIpAddressLength`	—
`RemoteIpAddress`	—
`ProtocolSequence`	—
`AuthenticationService`	—
`AuthenticationLevel`	—
`Endpoint`	—
`RemoteHost`	—
`ErrorCode`	—
`IsBlockedByWFP`	—