Microsoft-Windows-StorageManagement

11 events across 2 channels

Event ID	Title	Channel
1	%1 %2(%3).	Debug
2	%1 %2 %3(%4).	Debug
3	%1 %2(%3).	Debug
4	An error has occurred during method execution.	Operational
5	An error has occurred during method execution.	Operational
6	The Windows Storage Provider host service failed to start.	Operational
7	The Windows Storage Provider host service was started successfully.	Operational
8	The Windows Storage Management WMI Provider was loaded.	Operational
9	A Windows Storage Management WMI enumeration operation was performed.	Operational
10	A Windows Storage Management WMI get instance operation was performed.	Operational
11	A Windows Storage Management WMI method operation was performed.	Operational

Event ID 1 — %1 %2(%3).

Provider: Microsoft-Windows-StorageManagement
Channel: Debug

Message

%1
%2(%3)

Fields

Name	Description
`Message`	—
`FileName`	—
`LineNumber`	—

Event ID 2 — %1 %2 %3(%4).

Provider: Microsoft-Windows-StorageManagement
Channel: Debug

Message

%1 %2
%3(%4)

Fields

Name	Description
`Message`	—
`ErrorCode`	—
`FileName`	—
`LineNumber`	—

Event ID 3 — %1 %2(%3).

Provider: Microsoft-Windows-StorageManagement
Channel: Debug

Message

%1
%2(%3)

Fields

Name	Description
`Message`	—
`FileName`	—
`LineNumber`	—

Event ID 4 — An error has occurred during method execution.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational

Message

An error has occurred during method execution.                    
Class: %1                    
Method: %2                    
Error Code: %3                    
Error Message: %4

Fields

Name	Description
`ClassName`	—
`MethodName`	—
`ErrorCode`	—
`MessageString`	—

Event ID 5 — An error has occurred during method execution.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational

Message

An error has occurred during method execution.                   
Class: %1                   
Method: %2                   
Error Code: %3

Fields

Name	Description
`ClassName`	—
`MethodName`	—
`ErrorCode`	—

Event ID 6 — The Windows Storage Provider host service failed to start.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational

Message

The Windows Storage Provider host service failed to start.                    
Error Code: %1                    
Operation: %2

Fields

Name	Description
`ErrorCode`	—
`Operation`	—

Event ID 7 — The Windows Storage Provider host service was started successfully.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational
Level: 4
Samples: 1

Message

The Windows Storage Provider host service was started successfully.                    
Start time (milliseconds): %1

Fields

Name	Description
`StartTime_msecs`	—

Example Event

system:
  provider: Microsoft-Windows-StorageManagement
  guid: 7E58E69A-E361-4F06-B880-AD2F4B64C944
  event_source_name: ''
  event_id: 7
  version: 1
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-10-25T22:49:38.651173+00:00'
  event_record_id: 9
  correlation:
    ActivityID: 49DBD9FB-0795-0001-68EC-DB499507DA01
  execution:
    process_id: 4416
    thread_id: 6856
  channel: Microsoft-Windows-StorageManagement/Operational
  computer: WinDevEval
  security:
    user_id: S-1-5-21-2533829718-189860685-2477588761-500
event_data:
  StartTime_msecs: 1297
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 8 — The Windows Storage Management WMI Provider was loaded.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational
Level: 4
Samples: 1

Message

The Windows Storage Management WMI Provider was loaded.                    
Load time (milliseconds): %1

Fields

Name	Description
`LoadTime_msecs`	—

Example Event

system:
  provider: Microsoft-Windows-StorageManagement
  guid: 7E58E69A-E361-4F06-B880-AD2F4B64C944
  event_source_name: ''
  event_id: 8
  version: 1
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-10-25T22:51:05.956749+00:00'
  event_record_id: 11
  correlation:
    ActivityID: 49DBD9FB-0795-0001-68EC-DB499507DA01
  execution:
    process_id: 4416
    thread_id: 6872
  channel: Microsoft-Windows-StorageManagement/Operational
  computer: WinDevEval
  security:
    user_id: S-1-5-20
event_data:
  LoadTime_msecs: 0
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 9 — A Windows Storage Management WMI enumeration operation was performed.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational
Level: 4
Samples: 1

Message

A Windows Storage Management WMI enumeration operation was performed.                   
Class: %1                   
ResultCount: %2                   
Operation time (milliseconds): %3

Fields

Name	Description
`ClassName`	—
`ResultCount`	—
`OperationTime_msecs`	—

Example Event

system:
  provider: Microsoft-Windows-StorageManagement
  guid: 7E58E69A-E361-4F06-B880-AD2F4B64C944
  event_source_name: ''
  event_id: 9
  version: 1
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2023-10-25T22:49:38.760958+00:00'
  event_record_id: 10
  correlation:
    ActivityID: 49DBD9FB-0795-0001-68EC-DB499507DA01
  execution:
    process_id: 4416
    thread_id: 6856
  channel: Microsoft-Windows-StorageManagement/Operational
  computer: WinDevEval
  security:
    user_id: S-1-5-21-2533829718-189860685-2477588761-500
event_data:
  ClassName: MSFT_Volume
  ResultCount: 6
  OperationTime_msecs: 109
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 10 — A Windows Storage Management WMI get instance operation was performed.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational
Level: 4
Samples: 1

Message

A Windows Storage Management WMI get instance operation was performed.                   
Class: %1                   
Operation time (milliseconds): %2

Fields

Name	Description
`ClassName`	—
`OperationTime_msecs`	—

Example Event

system:
  provider: Microsoft-Windows-StorageManagement
  guid: 7E58E69A-E361-4F06-B880-AD2F4B64C944
  event_source_name: ''
  event_id: 10
  version: 1
  level: 4
  task: 0
  opcode: 0
  keywords: 9223372036854775808
  time_created: '2022-04-07T17:21:56.538886+00:00'
  event_record_id: 34
  correlation:
    ActivityID: 81FAF879-7D33-43C8-9320-DFCB4C248FFD
  execution:
    process_id: 892
    thread_id: 2328
  channel: Microsoft-Windows-StorageManagement/Operational
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-21-2121334350-1110938707-2888912545-500
event_data:
  ClassName: SPACES_PhysicalDisk
  OperationTime_msecs: 16
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 11 — A Windows Storage Management WMI method operation was performed.

Provider: Microsoft-Windows-StorageManagement
Channel: Operational

Message

A Windows Storage Management WMI method operation was performed.                   
Class: %1                   
Method: %2                   
Operation time (milliseconds): %3

Fields

Name	Description
`ClassName`	—
`MethodName`	—
`OperationTime_msecs`	—