detection.wiki
?
Blog
Labs
References
Microsoft-Windows-Security-IdentityStore
27 events across 1 channel
Event ID
Title
Channel
1
Performance
2
Performance
3
Performance
4
Performance
5
Performance
6
Performance
7
Performance
8
Performance
9
Performance
10
Performance
11
Performance
12
Performance
13
Performance
14
Performance
15
Performance
16
Performance
17
Performance
18
Performance
19
Performance
20
Performance
21
Performance
22
Performance
23
Performance
24
Performance
25
Performance
26
Performance
27
Performance
Event ID 1 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Start
Event ID 2 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Start
Event ID 3 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Stop
Event ID 4 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Start
Event ID 5 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Stop
Event ID 6 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Start
Event ID 7 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Stop
Event ID 8 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Start
Event ID 9 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Stop
Event ID 10 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Start
Event ID 11 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Stop
Event ID 12 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Start
Event ID 13 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Stop
Event ID 14 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Start
Event ID 15 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Stop
Event ID 16 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Start
Event ID 17 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Stop
Event ID 18 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Start
Event ID 19 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Stop
Event ID 20 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Start
Event ID 21 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
IdentityQuery
Opcode
Stop
Event ID 22 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Start
Event ID 23 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Stop
Event ID 24 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Start
Event ID 25 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
CreateConnectedUser
Opcode
Stop
Event ID 26 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Start
Event ID 27 —
Provider
Microsoft-Windows-Security-IdentityStore
Channel
Performance
Task
ConnectDisconnectUser
Opcode
Stop
Keyboard Shortcuts
j
/
k
Scroll down / up
d
/
u
Half-page down / up
h
/
l
Go back / forward
g
g
Go to top
G
Go to bottom
f
Follow link (SHIFT = new tab)
/
Focus search
?
Toggle this help
See
Navigation Reference
for search modifiers and filters.