Microsoft-Windows-SenseIR

14 events across 1 channel

Event ID	Title	Channel
1	Starting action %1.	Operational
2	Failed to run action %1.	Operational
3	Succeeded to run action %1.	Operational
4	Windows Defender Advanced Threat Protection Incident Response executable …	Operational
5	Windows Defender Advanced Threat Protection Incident Response executable …	Operational
7	Windows Defender Advanced Threat Protection Incident Response requested …	Operational
8	Encountered unexpected error while getting actions from AIRS server.	Operational
9	Found the caller of Windows Defender Advanced Threat Protection Incident …	Operational
10	Failed to deserialize Windows Defender Advanced Threat Protection Incident …	Operational
11	Finished uploading results of action %1.	Operational
12	Failed to deserialize actions, received invalid actions from AIRS server.	Operational
13	Failed to execute AIRS request.	Operational
14	Starting to upload results of action %1.	Operational
15	Failure during action %1.	Operational

Event ID 1 — Starting action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Starting action %1. Action ID: %2

Fields

Name	Description
`ActionType`	—
`ActionId`	—

Event ID 2 — Failed to run action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Failed to run action %1. Action ID: %2, error code: %3

Fields

Name	Description
`error_code`	1. Action ID.
`ActionType`	—
`ActionId`	—
`HRESULT`	—

Event ID 3 — Succeeded to run action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Succeeded to run action %1. Action ID: %2

Fields

Name	Description
`ActionType`	—
`ActionId`	—

Event ID 4 — Windows Defender Advanced Threat Protection Incident Response executable started.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Windows Defender Advanced Threat Protection Incident Response executable started.

Event ID 5 — Windows Defender Advanced Threat Protection Incident Response executable terminated.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Windows Defender Advanced Threat Protection Incident Response executable terminated. Exit code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 7 — Windows Defender Advanced Threat Protection Incident Response requested registration as an AIRS client.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Windows Defender Advanced Threat Protection Incident Response requested registration as an AIRS client. Result code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 8 — Encountered unexpected error while getting actions from AIRS server.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Encountered unexpected error while getting actions from AIRS server. Error code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 9 — Found the caller of Windows Defender Advanced Threat Protection Incident Response executable to be invalid.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Found the caller of Windows Defender Advanced Threat Protection Incident Response executable to be invalid. Terminating executable. Error code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 10 — Failed to deserialize Windows Defender Advanced Threat Protection Incident Response parameters.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Failed to deserialize Windows Defender Advanced Threat Protection Incident Response parameters. Error code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 11 — Finished uploading results of action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Finished uploading results of action %1. Action ID: %2, upload result code: %3

Fields

Name	Description
`upload_result_code`	1. Action ID.
`ActionType`	—
`ActionId`	—
`HRESULT`	—

Event ID 12 — Failed to deserialize actions, received invalid actions from AIRS server.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Failed to deserialize actions, received invalid actions from AIRS server. Error code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 13 — Failed to execute AIRS request.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Failed to execute AIRS request. Error code: %1

Fields

Name	Description
`HRESULT`	—

Event ID 14 — Starting to upload results of action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Starting to upload results of action %1. Action ID: %2

Fields

Name	Description
`ActionType`	—
`ActionId`	—

Event ID 15 — Failure during action %1.

Provider: Microsoft-Windows-SenseIR
Channel: Operational

Message

Failure during action %1. Action ID: %2, Action phase: %3, error code: %4

Fields

Name	Description
`Action_phase`	1. Action ID.
`error_code`	—
`ActionType`	—
`ActionId`	—
`ActionPhase`	—
`HRESULT`	—