Event ID 302 — The user "EventInfo.Username", on client computer "EventInfo.IpAddress", connected to resource "EventInfo.Resource".
Description
The user "EventInfo.Username", on client computer "EventInfo.IpAddress", connected to resource "EventInfo.Resource". Connection protocol used: "EventInfo.ConnectionProtocol".
Message #
Fields #
| Name | Description |
|---|---|
EventInfo.Username | — |
EventInfo.IpAddress | — |
EventInfo.AuthType | — |
EventInfo.Resource | — |
EventInfo.ConnectionProtocol | — |
EventInfo.ErrorCode | — |
Example Event #
{
"system": {
"provider": "Microsoft-Windows-TerminalServices-Gateway",
"guid": "4D5AE6A1-C7C8-4E6D-B840-4D8080B42E1B",
"event_source_name": "",
"event_id": 302,
"version": 0,
"level": 4,
"task": 3,
"opcode": 30,
"keywords": 4611686018444165120,
"time_created": "2024-11-04T13:59:32.624374+00:00",
"event_record_id": 89,
"correlation": {
"ActivityID": "7CF86876-882F-0625-F153-3DEC514DA0B2"
},
"execution": {
"process_id": 1444,
"thread_id": 2556
},
"channel": "Microsoft-Windows-TerminalServices-Gateway/Operational",
"computer": "EC2AMAZ-6C3C9U6",
"security": {
"user_id": "S-1-5-20"
}
},
"user_data": {
"EventInfo": {
"Username": "EC2AMAZ-6C3C9U6\\Administrator",
"IpAddress": "198.51.100.1",
"AuthType": "",
"Resource": "ec2-18-179-8-103.ap-northeast-1.compute.amazonaws.com",
"ConnectionProtocol": "HTTP",
"ErrorCode": 0
}
},
"message": ""
}
References #
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx