Microsoft-Windows-SEC-WFP

4 events across 1 channel

Event ID	Title	Channel
1		Operational
2		Operational
3		Operational
4		Operational

Event ID 1 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields

Name	Description
`ModuleTag`	—
`ProcessId`	—
`ProcessStartKey`	—
`ProcessCreationTime`	—
`IsBlocked`	—
`Direction`	—
`IsExistingConnection`	—
`FilterId`	—
`LayerId`	—
`InterfaceIndex`	—
`Protocol`	—
`LocalAddressLength`	—
`LocalAddress`	—
`RemoteAddressLength`	—
`RemoteAddress`	—

Event ID 2 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields

Name	Description
`ModuleTag`	—
`ProcessId`	—
`ProcessStartKey`	—
`ProcessCreationTime`	—
`IsBlocked`	—
`Direction`	—
`IsExistingConnection`	—
`FilterId`	—
`LayerId`	—
`InterfaceIndex`	—
`Protocol`	—
`LocalAddressLength`	—
`LocalAddress`	—
`RemoteAddressLength`	—
`RemoteAddress`	—

Event ID 3 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields

Name	Description
`ModuleTag`	—
`ProcessId`	—
`ProcessStartKey`	—
`ProcessCreationTime`	—
`IsBlocked`	—
`Direction`	—
`IsExistingConnection`	—
`FilterId`	—
`LayerId`	—
`InterfaceIndex`	—
`Protocol`	—
`LocalAddressLength`	—
`LocalAddress`	—
`RemoteAddressLength`	—
`RemoteAddress`	—

Event ID 4 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields

Name	Description
`ModuleTag`	—
`RuleId`	—
`LayerId`	—
`Action`	—
`FieldId`	—
`MatchType`	—
`DataType`	—
`IsBlocked`	—