SecurityCenter
4 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1 | The Windows Security Center Service has started. | Application |
| 2 | The Windows Security Center Service has stopped. | Application |
| 15 | Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON. | Application |
| 16 | Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON. | Application |
Event ID 1 — The Windows Security Center Service has started.
#Example Event #
{
"system": {
"provider": "SecurityCenter",
"guid": "",
"event_source_name": "",
"event_id": 1,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2023-11-05T22:34:27.020738+00:00",
"event_record_id": 1587,
"correlation": {},
"execution": {
"process_id": 1640,
"thread_id": 0
},
"channel": "Application",
"computer": "WinDev2310Eval",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "The Windows Security Center Service has started."
}
References #
- Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx
Event ID 2 — The Windows Security Center Service has stopped.
#Example Event #
{
"system": {
"provider": "SecurityCenter",
"guid": "",
"event_source_name": "",
"event_id": 2,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2023-11-05T22:31:36.782611+00:00",
"event_record_id": 1536,
"correlation": {},
"execution": {
"process_id": 7732,
"thread_id": 0
},
"channel": "Application",
"computer": "WinDev2310Eval",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "The Windows Security Center Service has stopped."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 15 — Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON.
#Fields #
| Name | Description |
|---|---|
Data | — |
Example Event #
{
"system": {
"provider": "SecurityCenter",
"guid": "",
"event_source_name": "",
"event_id": 15,
"version": 0,
"level": 4,
"task": 0,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2023-11-05T22:34:29.037912+00:00",
"event_record_id": 1589,
"correlation": {},
"execution": {
"process_id": 1640,
"thread_id": 0
},
"channel": "Application",
"computer": "WinDev2310Eval",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"Windows Defender",
"SECURITY_PRODUCT_STATE_ON"
]
},
"message": "Updated Windows Defender status successfully to SECURITY_PRODUCT_STATE_ON."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 16 — Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
#Fields #
| Name | Description |
|---|---|
Data | — |
Binary | — |
Example Event #
{
"system": {
"provider": "SecurityCenter",
"guid": "",
"event_source_name": "",
"event_id": 16,
"version": 0,
"level": 2,
"task": 0,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2025-12-31T19:37:29.959155+00:00",
"event_record_id": 138,
"correlation": {},
"execution": {
"process_id": 1736,
"thread_id": 0
},
"channel": "Application",
"computer": "WIN11-22H2-X64",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"Windows Defender",
"SECURITY_PRODUCT_STATE_ON"
],
"Binary": "AgAAAA=="
},
"message": "Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline