Microsoft-Windows-SEC-WFP

4 events across 1 channel

Event ID	Title	Channel
1		Operational
2		Operational
3		Operational
4		Operational

Event ID 1 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields #

Name	Description
`ModuleTag` UInt16	—
`ProcessId` HexInt32	—
`ProcessStartKey` UInt64	—
`ProcessCreationTime` Int64	—
`IsBlocked` Boolean	—
`Direction` UInt32	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`IsExistingConnection` Boolean	—
`FilterId` UInt64	—
`LayerId` UInt16	—
`InterfaceIndex` UInt32	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`LocalAddressLength` UInt32	—
`LocalAddress` Binary	—
`RemoteAddressLength` UInt32	—
`RemoteAddress` Binary	—

Event ID 2 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields #

Name	Description
`ModuleTag` UInt16	—
`ProcessId` HexInt32	—
`ProcessStartKey` UInt64	—
`ProcessCreationTime` Int64	—
`IsBlocked` Boolean	—
`Direction` UInt32	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`IsExistingConnection` Boolean	—
`FilterId` UInt64	—
`LayerId` UInt16	—
`InterfaceIndex` UInt32	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`LocalAddressLength` UInt32	—
`LocalAddress` Binary	—
`RemoteAddressLength` UInt32	—
`RemoteAddress` Binary	—

Event ID 3 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields #

Name	Description
`ModuleTag` UInt16	—
`ProcessId` HexInt32	—
`ProcessStartKey` UInt64	—
`ProcessCreationTime` Int64	—
`IsBlocked` Boolean	—
`Direction` UInt32	— Known values `%%14592` Inbound `%%14593` Outbound `%%14594` Forward `%%14595` Bidirectional
`IsExistingConnection` Boolean	—
`FilterId` UInt64	—
`LayerId` UInt16	—
`InterfaceIndex` UInt32	—
`Protocol` UInt8	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`LocalAddressLength` UInt32	—
`LocalAddress` Binary	—
`RemoteAddressLength` UInt32	—
`RemoteAddress` Binary	—

Event ID 4 —

Provider: Microsoft-Windows-SEC-WFP
Channel: Operational

Fields #

Name	Description
`ModuleTag` UInt32	—
`RuleId` UInt32	—
`LayerId` UInt16	—
`Action` UInt32	—
`FieldId` UInt16	—
`MatchType` UInt32	—
`DataType` UInt32	—
`IsBlocked` Boolean	—