Microsoft-Windows-RPC-Audit
2 events across 1 channel
Event ID 1 —
Fields #
| Name | Description |
|---|---|
InterfaceUuid GUID | — |
OpNum UInt32 | — |
SubjectUserSid SID | — |
SubjectLogonId UInt64 | — |
LocalIpAddressLength UInt32 | — |
LocalIpAddress Binary | — |
RemoteIpAddressLength UInt32 | — |
RemoteIpAddress Binary | — |
ProtocolSequence UInt32 | — |
AuthenticationService UInt32 | — |
AuthenticationLevel UInt32 | — |
Endpoint UnicodeString | — |
RemoteHost UnicodeString | — |
BufferSize UInt32 | — |
Buffer Binary | — |
Event ID 2 —
Fields #
| Name | Description |
|---|---|
InterfaceUuid GUID | — |
OpNum UInt32 | — |
SubjectUserSid SID | — |
SubjectLogonId UInt64 | — |
LocalIpAddressLength UInt32 | — |
LocalIpAddress Binary | — |
RemoteIpAddressLength UInt32 | — |
RemoteIpAddress Binary | — |
ProtocolSequence UInt32 | — |
AuthenticationService UInt32 | — |
AuthenticationLevel UInt32 | — |
Endpoint UnicodeString | — |
RemoteHost UnicodeString | — |
ErrorCode UInt32 | — |
IsBlockedByWFP Boolean | — |