Let's Talk Start free
Let's Talk Start free

NXLog Documentation

You are viewing the documentation of our legacy products. Go to the NXLog Platform Documentation.
6.07

Fields by providers

This table lists the most common providers and their associated fields.

Provider Event value Task Operation Level Fields

Microsoft-Windows-AppLocker

8000

task_0

-

ERROR

$Status (type: integer)

8001

task_0

-

INFO

8002

task_0

-

INFO

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8003

task_0

-

WARNING

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8004

task_0

-

ERROR

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8005

task_0

-

INFO

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8006

task_0

-

WARNING

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8007

task_0

-

ERROR

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

$FileHashLength (type: integer)

$FileHash (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

$TargetLogonId (type: string)

$FullFilePathLength (type: integer)

$FullFilePathBuffer (type: string)

8008

task_0

-

WARNING

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

8009

task_0

-

WARNING

$FilePathLength (type: integer)

$FilePathBuffer (type: string)

8010

SrpPolicyConversion

win:Start

INFO

8011

SrpPolicyConversion

win:Stop

INFO

8012

SrpPolicyConversion

win:Stop

ERROR

8013

SrpPolicyRuleSort

win:Start

INFO

8014

SrpPolicyRuleSort

win:Stop

INFO

8015

SrpPolicyHitCountJoin

win:Start

INFO

8016

SrpPolicyHitCountJoin

win:Stop

INFO

8017

SrpPolicyLoad

win:Start

INFO

8018

SrpPolicyLoad

win:Stop

INFO

8019

SrpPolicyLoad

win:Stop

ERROR

8020

task_0

-

INFO

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8021

task_0

-

WARNING

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8022

task_0

-

ERROR

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8023

task_0

-

INFO

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8024

task_0

-

WARNING

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8025

task_0

-

ERROR

$PolicyNameLength (type: integer)

$PolicyNameBuffer (type: string)

$RuleId (type: string)

$RuleNameLength (type: integer)

$RuleNameBuffer (type: string)

$RuleSddlLength (type: integer)

$RuleSddlBuffer (type: string)

$TargetUser (type: string)

$TargetProcessId (type: integer)

$PackageLength (type: integer)

$PackageBuffer (type: string)

$FqbnLength (type: integer)

$Fqbn (type: string)

8026

task_0

-

ERROR

8027

task_0

-

ERROR

8028

task_0

-

WARNING

$FilePathLength (type: integer)

$FilePath (type: string)

$Sha1Hash (type: string)

$Sha256Hash (type: string)

$Result (type: integer)

$USN (type: integer)

$Sha1CatalogHash (type: string)

$Sha256CatalogHash (type: string)

8029

task_0

-

ERROR

$FilePathLength (type: integer)

$FilePath (type: string)

$Sha1Hash (type: string)

$Sha256Hash (type: string)

$Result (type: integer)

$USN (type: integer)

$Sha1CatalogHash (type: string)

$Sha256CatalogHash (type: string)

8030

task_0

-

INFO

$ImageNameLength (type: integer)

$ImageName (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$StatusCode (type: string)

$AppLockerReason (type: integer)

$Bucket (type: integer)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8030

task_0

-

-

$ImageNameLength (type: integer)

$ImageName (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$StatusCode (type: string)

$AppLockerReason (type: integer)

$Bucket (type: integer)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8031

task_0

-

INFO

$FileNameLength (type: integer)

$FileName (type: string)

$CurrentProcessLength (type: integer)

$CurrentProcess (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$DataLength (type: integer)

$Data (type: string)

8031

task_0

-

-

$FileNameLength (type: integer)

$FileName (type: string)

$CurrentProcessLength (type: integer)

$CurrentProcess (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$DataLength (type: integer)

$Data (type: string)

8032

task_0

-

ERROR

$ImageNameLength (type: integer)

$ImageName (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$StatusCode (type: string)

$AppLockerReason (type: integer)

$Bucket (type: integer)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8033

task_0

-

WARNING

$ImageNameLength (type: integer)

$ImageName (type: string)

$ParentProcessLength (type: integer)

$ParentProcess (type: string)

$StatusCode (type: string)

$AppLockerReason (type: integer)

$Bucket (type: integer)

$USN (type: integer)

$NtfsFileIdSize (type: integer)

$NtfsFileId (type: string)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8034

task_0

-

INFO

$ImageNameLength (type: integer)

$ImageName (type: string)

$StatusCode (type: string)

$Bucket (type: integer)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8035

task_0

-

ERROR

$ImageNameLength (type: integer)

$ImageName (type: string)

$StatusCode (type: string)

$Bucket (type: integer)

$OriginDataPresent (type: boolean)

$SessionId (type: string)

$SubSessionId (type: string)

$Origin (type: integer)

$Type (type: integer)

$Generation (type: integer)

$SmartScreen (type: integer)

$RevocationID (type: integer)

$DataLength (type: integer)

$Data (type: string)

8036

task_0

-

ERROR

$IsApproved (type: boolean)

$CLSID (type: string)

8037

task_0

-

INFO

$FilePathLength (type: integer)

$FilePath (type: string)

$Sha1Hash (type: string)

$Sha256Hash (type: string)

$Result (type: integer)

$USN (type: integer)

$Sha1CatalogHash (type: string)

$Sha256CatalogHash (type: string)

8038

task_0

-

INFO

$TotalSignatureCount (type: integer)

$Signature (type: integer)

$PublisherNameLength (type: integer)

$PublisherName (type: string)

$IssuerNameLength (type: integer)

$IssuerName (type: string)

$PublisherTBSHashSize (type: integer)

$PublisherTBSHash (type: string)

$IssuerTBSHashSize (type: integer)

$IssuerTBSHash (type: string)

Microsoft-Windows-Dhcp-Client

1000

AddressConfigurationStateEvent

LostIpAddress

WARNING

$Address (type: integer)

$HWLength (type: integer)

$HWAddress (type: string)

1001

AddressConfigurationStateEvent

IpAddressNotAssigned

ERROR

$HWLength (type: integer)

$HWAddress (type: string)

$StatusCode (type: integer)

1002

AddressConfigurationStateEvent

IpLeaseDenied

ERROR

$Address1 (type: integer)

$HWLength (type: integer)

$HWAddress (type: string)

$Address2 (type: integer)

1003

AddressConfigurationStateEvent

IpLeaseRenewalFailed

WARNING

$HWLength (type: integer)

$HWAddress (type: string)

$StatusCode (type: integer)

1004

ServiceStateEvent

ErrorServiceStop

ERROR

$StatusCode (type: integer)

$DwordVal (type: integer)

1005

AddressConfigurationStateEvent

IPConflict

WARNING

$Address (type: integer)

$HWLength (type: integer)

$HWAddress (type: string)

1006

AddressConfigurationStateEvent

AutoconfigurationFailed

WARNING

$HWLength (type: integer)

$HWAddress (type: string)

$StatusCode (type: integer)

1007

AddressConfigurationStateEvent

AutoconfigurationSuccess

INFO

$HWLength (type: integer)

$HWAddress (type: string)

$Address (type: integer)

1008

AddressConfigurationStateEvent

InitNetworkInterfaceFailed

ERROR

$StatusCode (type: integer)

1018

AddressConfigurationStateEvent

Dhcpv6InitFailed

ERROR

$StatusCode (type: integer)

50001

MediaStateEvent

MediaConnect

INFO

$InterfaceId (type: integer)

50002

MediaStateEvent

MediaDisconnect

INFO

$InterfaceId (type: integer)

50003

MediaStateEvent

MediaReconnect

INFO

$InterfaceId (type: integer)

50004

AddressConfigurationStateEvent

DhcpEnabled

INFO

$InterfaceId (type: integer)

50005

AddressConfigurationStateEvent

DhcpDisabled

INFO

$InterfaceId (type: integer)

50006

ProtocolStateEvent

InitRequestAck

INFO

$InterfaceId (type: integer)

50007

ProtocolStateEvent

InitDORA

INFO

$InterfaceId (type: integer)

50008

AddressConfigurationStateEvent

StaticToDhcp

INFO

$InterfaceId (type: integer)

50009

ProtocolStateEvent

DiscoverSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50010

ProtocolStateEvent

OfferReceived

INFO

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

50011

ProtocolStateEvent

OfferDiscarded

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50012

ProtocolStateEvent

RequestSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50013

ProtocolStateEvent

AckReceived

INFO

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

50014

ProtocolStateEvent

AckDiscarded

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50015

ProtocolStateEvent

NackReceived

ERROR

$InterfaceId (type: integer)

50016

ProtocolStateEvent

UnknownMessageDiscarded

WARNING

$InterfaceId (type: integer)

50017

ProtocolStateEvent

DeclineSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50018

ProtocolStateEvent

InformSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50019

ProtocolStateEvent

ReleaseSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50020

ProtocolStateEvent

BroadcastbitToggled

INFO

$InterfaceId (type: integer)

$BoolFlag (type: boolean)

50021

ProtocolStateEvent

ErrorExtractingOptions

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50022

AddressConfigurationStateEvent

FallbackConfigSet

INFO

$InterfaceId (type: integer)

$Address (type: integer)

$StatusCode (type: integer)

50023

ProtocolStateEvent

OfferReceiveTimeout

WARNING

$InterfaceId (type: integer)

50024

ProtocolStateEvent

AckReceiveTimeout

WARNING

$InterfaceId (type: integer)

50025

ProtocolStateEvent

CancelRenewal

INFO

$InterfaceId (type: integer)

50028

AddressConfigurationStateEvent

AddressPlumbed

INFO

$Address (type: integer)

$InterfaceId (type: integer)

$StatusCode (type: integer)

50029

AddressConfigurationStateEvent

AddressUnplumbed

INFO

$Address (type: integer)

$InterfaceId (type: integer)

$StatusCode (type: integer)

50030

AddressConfigurationStateEvent

PlumbingError

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50032

AddressConfigurationStateEvent

LeaseExpired

INFO

$InterfaceId (type: integer)

$Address (type: integer)

50033

MediaStateEvent

InterfaceAdded

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50034

AddressConfigurationStateEvent

ErrorInitializeInterface

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50035

AddressConfigurationStateEvent

RouteUpdated

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50036

ServiceStateEvent

ServiceStart

INFO

50037

ServiceStateEvent

ServiceStop

INFO

$DwordVal (type: integer)

50038

ServiceStateEvent

ErrorInitService

ERROR

$StatusCode (type: integer)

50039

WinsockStateEvent

ErrorOpeningSocket

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50040

WinsockStateEvent

ErrorClosingSocket

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50041

DNSStateEvent

DomainChangeNotification

INFO

50042

DNSStateEvent

DnsRegistrationDone

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Dword (type: integer)

50043

DNSStateEvent

DnsDeregistrationDone

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50044

ProtocolStateEvent

InformAckReceived

INFO

$InterfaceId (type: integer)

50053

ProtocolStateEvent

NetworkError

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

50055

AddressConfigurationStateEvent

GatewayReachable

INFO

$Address (type: integer)

$InterfaceId (type: integer)

50056

AddressConfigurationStateEvent

GatewayUnreachable

ERROR

$InterfaceId (type: integer)

50058

AddressConfigurationStateEvent

SuccessfulLease

INFO

50059

AddressConfigurationStateEvent

RouteAdded

INFO

$Str1 (type: string)

$Str2 (type: string)

$Str3 (type: string)

$Str4 (type: string)

50060

AddressConfigurationStateEvent

RouteDeleted

INFO

$Str1 (type: string)

$Str2 (type: string)

$Str3 (type: string)

$Str4 (type: string)

50061

ProtocolStateEvent

OfferReceivedForDiagnostics

INFO

$InterfaceId (type: integer)

50062

AddressConfigurationStateEvent

StartGatewayReachabilityTest

INFO

$Address (type: integer)

$InterfaceId (type: integer)

50063

AddressConfigurationStateEvent

NLANotified

INFO

$InterfaceId (type: integer)

50064

AddressConfigurationStateEvent

CacheScavengerRun

INFO

$InterfaceId (type: integer)

50065

AddressConfigurationStateEvent

NetworkHintMatchFound

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

50066

AddressConfigurationStateEvent

MatchedAddressPlumbed

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

50067

AddressConfigurationStateEvent

NetworkHintReceived

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

50068

AddressConfigurationStateEvent

AddressAlreadyExists

ERROR

$Address (type: integer)

$InterfaceId (type: integer)

50069

ProtocolStateEvent

BroadcastbitCached

INFO

$BoolFlag (type: boolean)

$InterfaceId (type: integer)

50070

AddressConfigurationStateEvent

NetworkHintNotReceived

INFO

$InterfaceId (type: integer)

50071

AddressConfigurationStateEvent

NetworkHintMatchNotFound

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$InterfaceId (type: integer)

50072

ProtocolStateEvent

DiagnosticsInitiated

INFO

$InterfaceId (type: integer)

50073

ProtocolStateEvent

DiagnosticsFailed

INFO

$InterfaceId (type: integer)

50074

ProtocolStateEvent

FirewallPortExempted

INFO

$DwordVal (type: integer)

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

50075

ProtocolStateEvent

FirewallPortClosed

INFO

$DwordVal (type: integer)

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

50076

AddressConfigurationStateEvent

MatchedAddressNotPlumbed

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

50077

ProtocolStateEvent

AggressiveRetryOn

INFO

$InterfaceId (type: integer)

50081

ProtocolStateEvent

AbandonDiscovInCSSinceDhcp

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address (type: string)

50083

MediaStateEvent

AcquireNICReference

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50084

MediaStateEvent

ReleaseNICReference

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50085

ProtocolStateEvent

RegisterConflictDetectionNotification

INFO

$InterfaceId (type: integer)

$Address (type: integer)

50086

ProtocolStateEvent

ConflictDetectionComplete

INFO

$InterfaceId (type: integer)

$Address (type: integer)

$StatusCode (type: integer)

50087

ProtocolStateEvent

ConflictDetectionTentative

INFO

$InterfaceId (type: integer)

$Address (type: integer)

50088

NetworkParameterStateEvent

ParamChangeRegister

INFO

$ProcID (type: integer)

$UniqueID (type: integer)

$EventPath (type: string)

$ClassIDSize (type: integer)

$ClassID (type: string)

$OptListSize (type: integer)

$OptList (type: string)

$IsVendor (type: boolean)

50089

NetworkParameterStateEvent

ParamChangeUnregister

INFO

$ProcID (type: integer)

$UniqueID (type: integer)

50090

NetworkParameterStateEvent

ParamChangeNotification

INFO

$ProcID (type: integer)

$UniqueID (type: integer)

$StatusCode (type: integer)

50091

NetworkParameterStateEvent

ParamRequest

INFO

$InterfaceLUID (type: string)

$ClassIDSize (type: integer)

$ClassID (type: string)

$StandardOptListSize (type: integer)

$StandardOptList (type: string)

$VendorOptListSize (type: integer)

$VendorOptList (type: string)

50092

NetworkParameterStateEvent

ParamRequestUnblocked

INFO

$InterfaceLUID (type: string)

$InterfaceId (type: integer)

50093

NetworkParameterStateEvent

ParamRequestComplete

INFO

$InterfaceLUID (type: string)

$InterfaceId (type: integer)

$StatusCode (type: integer)

$OptDataSize (type: integer)

$OptData (type: string)

50094

ProtocolStateEvent

FirewallPortExemptionTriggered

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

50095

ProtocolStateEvent

FirewallPortCloseTriggered

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

50096

ProtocolStateEvent

AbandonDiscovInCSSinceStateless

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address (type: string)

50097

ProtocolStateEvent

AbandonDiscovInCSSinceStatic

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address (type: string)

50098

ProtocolStateEvent

DontStartDiscovInCSSinceV6Plumbed

INFO

$InterfaceId (type: integer)

$Address (type: string)

50099

ProtocolStateEvent

StartDiscovInCSSinceV6Unplumbed

INFO

$InterfaceId (type: integer)

50100

ProtocolStateEvent

StartDiscovInCSAtCompulsoryTime

INFO

$InterfaceId (type: integer)

50101

NetworkParameterStateEvent

NotifyCSEntry

INFO

50102

NetworkParameterStateEvent

NotifyCSExit

INFO

50103

ServiceStateEvent

ServiceShutdown

INFO

50104

ServiceStateEvent

ServiceShutdown

INFO

50105

ServiceStateEvent

ServiceShutdown

INFO

50106

ServiceStateEvent

ServiceShutdown

INFO

60000

ProtocolStateEvent

PerfTrackAckConfirm

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60001

ProtocolStateEvent

PerfTrackAckDORA

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60002

AddressConfigurationStateEvent

PerfTrackGatewayReachable

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60003

AddressConfigurationStateEvent

PerfTrackStatic

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60004

AddressConfigurationStateEvent

PerfTrackFallbackAddressSet

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$StatusCode (type: integer)

60005

ProtocolStateEvent

PerfTrackToggleRequestAck

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60006

ProtocolStateEvent

PerfTrackToggleDORAAck

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60007

ProtocolStateEvent

PerfTrackToggleInitDORA

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60010

ProtocolStateEvent

PerfTrackAckConfirm

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60011

ProtocolStateEvent

PerfTrackAckDORA

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60012

AddressConfigurationStateEvent

PerfTrackGatewayReachable

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60013

AddressConfigurationStateEvent

PerfTrackStatic

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60014

AddressConfigurationStateEvent

PerfTrackFallbackAddressSet

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$StatusCode (type: integer)

60015

ProtocolStateEvent

PerfTrackToggleRequestAck

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60016

ProtocolStateEvent

PerfTrackToggleDORAAck

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60017

ProtocolStateEvent

PerfTrackToggleInitDORA

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: integer)

$Address2 (type: integer)

60018

MediaStateEvent

PerfTrackMediaConnect

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60019

MediaStateEvent

PerfTrackMediaConnectEnd

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60020

MediaStateEvent

PerfTrackMediaReconnect

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60021

ProtocolStateEvent

PerfTrackDiscoverNetworkLatency

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60022

ProtocolStateEvent

PerfTrackDiscoverTimeout

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60023

ProtocolStateEvent

PerfTrackRequestNetworkLatency

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60024

ProtocolStateEvent

PerfTrackRequestNoResponse

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60025

AddressConfigurationStateEvent

PerfTrackFallbackAfterDiscover

INFO

$InterfaceGuid (type: string)

$Address (type: integer)

$InterfaceId (type: integer)

60026

AddressConfigurationStateEvent

ProcessDHCPRequestForeverEntered

INFO

60027

AddressConfigurationStateEvent

ProcessDHCPRequestForeverTimedout

INFO

60028

AddressConfigurationStateEvent

CreateRenewalSignalHandleFailed

ERROR

$StatusCode (type: integer)

60029

AddressConfigurationStateEvent

DeleteRenewTimerFailed

ERROR

$StatusCode (type: integer)

60030

AddressConfigurationStateEvent

ResetRenewalSignalHandleFailed

ERROR

$StatusCode (type: integer)

60031

AddressConfigurationStateEvent

CreateRenewTimerFailed

ERROR

$StatusCode (type: integer)

60032

AddressConfigurationStateEvent

ProcessDHCPRequestForeverFailed

ERROR

$StatusCode (type: integer)

Microsoft-Windows-DHCPv6-Client

1000

AddressConfigurationStateEvent

LostIpAddress

ERROR

$InterfaceGUID (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

1003

AddressConfigurationStateEvent

LeaseRenewalFailed

ERROR

$HWLength (type: integer)

$HWAddress (type: string)

$StatusCode (type: integer)

1004

ServiceStateEvent

ErrorServiceStop

ERROR

$StatusCode (type: integer)

$DwordVal (type: integer)

1005

AddressConfigurationStateEvent

IPConflict

WARNING

$InterfaceGUID (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

1006

MediaStateEvent

RAChanged

INFO

$InterfaceId (type: integer)

$Flag1 (type: boolean)

$Flag2 (type: boolean)

1008

AddressConfigurationStateEvent

InitNetworkInterfaceFailed

ERROR

$StatusCode (type: integer)

1009

ServiceStateEvent

DHCPv6DUIDValidationFailed

INFO

$HWLength (type: integer)

$HWAddress (type: string)

$DUIDLength (type: integer)

$DUID (type: string)

$NewHWLength (type: integer)

$NewHWAddress (type: string)

$NewDUIDLength (type: integer)

$NewDUID (type: string)

1010

AddressConfigurationStateEvent

DHCPv6NetworkHintMatch

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

1011

AddressConfigurationStateEvent

DHCPv6NetworkHintStatefullConfig

INFO

$Address1 (type: string)

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

1012

AddressConfigurationStateEvent

DHCPv6NetworkHintStatelessConfig

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

1013

AddressConfigurationStateEvent

DHCPv6NetworkHintConfigExpired

INFO

$NetworkHintString (type: string)

$NetworkHint (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

50057

ProtocolStateEvent

NetworkError

ERROR

$StatusCode (type: integer)

50071

MediaStateEvent

AcquireNICReference

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

50072

MediaStateEvent

ReleaseNICReference

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51001

MediaStateEvent

MediaConnect

INFO

$InterfaceId (type: integer)

51002

MediaStateEvent

MediaDisconnect

INFO

$InterfaceId (type: integer)

51004

ProtocolStateEvent

InitConfirmReply

INFO

$InterfaceId (type: integer)

51005

ProtocolStateEvent

InitSARR

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

$DwordVal2 (type: integer)

51006

ProtocolStateEvent

SolicitSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51007

ProtocolStateEvent

AdvertiseReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Address (type: string)

51008

ProtocolStateEvent

AdvertiseDiscarded

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51009

ProtocolStateEvent

RequestSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51010

ProtocolStateEvent

ReplyForRequestReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Address (type: string)

51011

ProtocolStateEvent

InvalidReplyForRequestReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51012

ProtocolStateEvent

RenewSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51013

ProtocolStateEvent

ReplyForRenewReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51014

ProtocolStateEvent

InvalidReplyForRenewReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51015

ProtocolStateEvent

RebindSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51016

ProtocolStateEvent

ReplyForRebindReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51017

ProtocolStateEvent

InvalidReplyForRebindReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51018

ProtocolStateEvent

ReleaseSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51019

ProtocolStateEvent

DeclineSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51020

ProtocolStateEvent

ReplyForDeclineReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51021

ProtocolStateEvent

InvalidReplyForDeclineReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51022

ProtocolStateEvent

ConfirmSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51023

ProtocolStateEvent

ReplyForConfirmReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51024

ProtocolStateEvent

InvalidReplyForConfirmReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51025

ProtocolStateEvent

InfoRequestSent

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51026

ProtocolStateEvent

ReplyForInfoRequestReceived

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51027

ProtocolStateEvent

InvalidReplyForInfoRequestReceived

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51029

ProtocolStateEvent

ErrorCreatingPacket

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51030

ProtocolStateEvent

ErrorExtractingOptions

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51031

AddressConfigurationStateEvent

StatefulToStateless

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Dword1 (type: integer)

$Dword2 (type: integer)

51032

AddressConfigurationStateEvent

StatelessToStateful

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51033

AddressConfigurationStateEvent

NonDhcpToStateful

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51034

AddressConfigurationStateEvent

NonDhcpToStateless

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Dword1 (type: integer)

$Dword2 (type: integer)

51035

AddressConfigurationStateEvent

StaticMode

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51036

ProtocolStateEvent

ErrorInParsing

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51037

ProtocolStateEvent

InformationRefreshTimeOptionReceived

INFO

$InterfaceId (type: integer)

$RefreshTime (type: integer)

51038

ProtocolStateEvent

InformationRefreshTimeExpired

INFO

$InterfaceId (type: integer)

51039

AddressConfigurationStateEvent

AddressPlumbed

INFO

$Address (type: string)

$InterfaceId (type: integer)

$StatusCode (type: integer)

51040

AddressConfigurationStateEvent

AddressUnplumbed

INFO

$Address (type: string)

$InterfaceId (type: integer)

$StatusCode (type: integer)

51043

MediaStateEvent

InterfaceAdded

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51044

AddressConfigurationStateEvent

ErrorInitializingInterface

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51045

AddressConfigurationStateEvent

ErrorPlumbingParameters

ERROR

$StatusCode (type: integer)

51046

ServiceStateEvent

ServiceStart

INFO

51047

ServiceStateEvent

ServiceStop

INFO

$DwordVal (type: integer)

51048

WinsockStateEvent

ErrorOpeningSocket

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51049

WinsockStateEvent

ErrorClosingSocket

ERROR

$InterfaceId (type: integer)

$StatusCode (type: integer)

51050

DNSStateEvent

DnsRegistrationDone

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

$Dword (type: integer)

51051

DNSStateEvent

dnsDeregistrationDone

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51057

ServiceStateEvent

ServiceStopWithRefCount

INFO

$DwordVal (type: integer)

51058

AddressConfigurationStateEvent

StatefulToStateful

INFO

$InterfaceId (type: integer)

$StatusCode (type: integer)

51059

ProtocolStateEvent

InvalidMessageDiscarded

ERROR

51060

AddressConfigurationStateEvent

SetClassID

INFO

$InterfaceGUID (type: string)

$HWLength (type: integer)

$HWAddress (type: string)

51061

AddressConfigurationStateEvent

AddressAlreadyExists

ERROR

$Address (type: string)

$InterfaceId (type: integer)

51062

AddressConfigurationStateEvent

FailedToObtainLease

ERROR

$HWLength (type: integer)

$HWAddress (type: string)

$StatusCode (type: integer)

51063

ProtocolStateEvent

FirewallPortExempted

INFO

$DwordVal (type: integer)

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51064

ProtocolStateEvent

FirewallPortClosed

INFO

$DwordVal (type: integer)

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51065

AddressConfigurationStateEvent

ModeChanging

INFO

$InterfaceId (type: integer)

$NewMode (type: integer)

51066

ProtocolStateEvent

AggressiveRetryOn

INFO

$InterfaceId (type: integer)

51067

ProtocolStateEvent

AbandonSolicitInCSSinceDhcp

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address1 (type: integer)

$DwordVal2 (type: integer)

$DwordVal3 (type: integer)

51068

ProtocolStateEvent

AbandonSolicitInCSSinceStatic

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address1 (type: integer)

$DwordVal2 (type: integer)

$DwordVal3 (type: integer)

51069

ProtocolStateEvent

DontStartSolicitInCSSinceV4Plumbed

INFO

$InterfaceId (type: integer)

$Address1 (type: integer)

$DwordVal1 (type: integer)

$DwordVal2 (type: integer)

51070

ProtocolStateEvent

StartSolicitInCSSinceV4Unplumbed

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

$DwordVal2 (type: integer)

51073

ProtocolStateEvent

FirewallPortExemptionTriggered

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51074

ProtocolStateEvent

FirewallPortCloseTriggered

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51075

NetworkParameterStateEvent

NotifyCSEntry

INFO

51076

NetworkParameterStateEvent

NotifyCSExit

INFO

51077

ProtocolStateEvent

StartSolicitInCSAtCompulsoryTime

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

$DwordVal2 (type: integer)

51078

ProtocolStateEvent

EnableDhcpV6

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51079

ProtocolStateEvent

DisableDhcpV6

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

51080

ProtocolStateEvent

NoProcessingSinceDhcpV6Disabled

INFO

$InterfaceId (type: integer)

51081

ProtocolStateEvent

AbandonSolicitInCSSinceV6Static

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address (type: string)

$DwordVal2 (type: integer)

$DwordVal3 (type: integer)

51082

ProtocolStateEvent

AbandonSolicitInCSSinceV6Stateless

INFO

$DwordVal1 (type: integer)

$InterfaceId (type: integer)

$Address (type: string)

$DwordVal2 (type: integer)

$DwordVal3 (type: integer)

51083

ProtocolStateEvent

AbandonSolicitSinceNonMulticast

INFO

$InterfaceId (type: integer)

51084

ProtocolStateEvent

NoteFlagValues

INFO

$InterfaceId (type: integer)

$DwordVal1 (type: integer)

$DwordVal2 (type: integer)

60000

ProtocolStateEvent

PerfTrackSARR

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

$Address1 (type: string)

60001

ProtocolStateEvent

PerfTrackInfoRequest

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60002

MediaStateEvent

PerfTrackMediaConnect

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

60003

MediaStateEvent

PerfTrackMediaConnectEnd

INFO

$InterfaceGuid (type: string)

$InterfaceId (type: integer)

Microsoft-Windows-Directory-Services-SAM-Utility

1

task_0

Opcode_SamDatabaseChangeEvent

INFO

Microsoft-Windows-Directory-Services-SAM

12288

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

12289

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

12291

task_0

-

ERROR

$__binLength (type: integer)

$LogStatus (type: string)

12293

task_0

-

ERROR

$AccountDistinguishedName (type: string)

12294

task_0

-

ERROR

$UserName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

12295

task_0

-

INFO

$FilePath (type: string)

$__binLength (type: integer)

$WinError (type: string)

12296

task_0

-

INFO

$DirectoryPath (type: string)

$__binLength (type: integer)

$WinError (type: string)

12297

task_0

-

INFO

$ComputerName (type: string)

12298

task_0

-

ERROR

$ComputerName (type: string)

12299

task_0

-

WARNING

$__binLength (type: integer)

$ErrorCode (type: string)

12300

task_0

-

INFO

12301

task_0

-

INFO

12302

task_0

-

ERROR

$SecurityPackage (type: string)

$UserName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

12303

task_0

-

ERROR

$AccountDistinguishedName (type: string)

12304

task_0

-

INFO

$AccountDistinguishedName (type: string)

$SystemAssignedAccountName (type: string)

12305

task_0

-

WARNING

$__binLength (type: integer)

$ErrorCode (type: string)

16384

task_0

-

INFO

$AccountName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16385

task_0

-

WARNING

$UserName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16386

task_0

-

WARNING

$__binLength (type: integer)

$ErrorCode (type: string)

16387

task_0

-

WARNING

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16388

task_0

-

WARNING

$__binLength (type: integer)

$ErrorCode (type: string)

16389

task_0

-

WARNING

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16390

task_0

-

WARNING

$__binLength (type: integer)

$ErrorCode (type: string)

16391

task_0

-

WARNING

$AccountDistinguishedName (type: string)

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16392

task_0

-

WARNING

$AccountSID (type: string)

$AccountDistinguishedName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16393

task_0

-

WARNING

$AccountDistinguishedName (type: string)

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16394

task_0

-

WARNING

$AccountRID (type: integer)

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16395

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16398

task_0

-

ERROR

$SecurityPackage (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16399

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16400

task_0

-

INFO

$UserName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16401

task_0

-

INFO

$AccountName (type: string)

$GroupName (type: string)

$ErrorMessage (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16402

task_0

-

INFO

$AccountName (type: string)

$GroupName (type: string)

$ErrorMessage (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16403

task_0

-

INFO

$AccountName (type: string)

$ErrorMessage (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16405

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16406

task_0

-

WARNING

$UserName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16407

task_0

-

WARNING

$GroupName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16408

task_0

-

INFO

16409

task_0

-

ERROR

$AccountName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16410

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16411

task_0

-

ERROR

$AccountName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16412

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16413

task_0

-

INFO

$AccountName (type: string)

$GroupName (type: string)

$ErrorString (type: string)

$__binLength (type: integer)

$BinaryData (type: string)

16642

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16643

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16644

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16645

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16646

task_0

-

ERROR

$ComputedRIDValue (type: integer)

$__binLength (type: integer)

$ErrorCode (type: string)

16647

task_0

-

INFO

16648

task_0

-

INFO

$__binLength (type: integer)

$ErrorCode (type: string)

16649

task_0

-

ERROR

$__binLength (type: integer)

$ErrorCode (type: string)

16651

task_0

-

ERROR

$ErrorMessage (type: string)

16652

task_0

-

INFO

16653

task_0

-

WARNING

$Maximum (type: integer)

16654

task_0

-

INFO

16655

task_0

-

INFO

$NewValue (type: integer)

16656

task_0

-

WARNING

$CeilingTriggerRid (type: integer)

16657

task_0

-

ERROR

$CeilingTriggerRid (type: integer)

16658

task_0

-

WARNING

$RemainingRids (type: integer)

16935

task_0

-

ERROR

$ComputerName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16936

task_0

-

ERROR

$ComputerName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16937

task_0

-

INFO

$ComputerName (type: string)

$__binLength (type: integer)

$ErrorCode (type: string)

16944

task_0

-

INFO

$OID (type: string)

$ErrorCode (type: integer)

16945

task_0

-

INFO

$OID (type: string)

$OIDObjectDN (type: string)

$ErrorCode (type: integer)

16946

task_0

-

INFO

$OID (type: string)

16947

task_0

-

ERROR

$OID (type: string)

$OIDObjectDN (type: string)

$GroupDN (type: string)

$GroupGUID (type: string)

$GroupSID (type: string)

$ErrorCode (type: integer)

16948

task_0

-

ERROR

$GroupDN (type: string)

$GroupGUID (type: string)

$GroupSID (type: string)

$Operation (type: string)

$ErrorCode (type: integer)

16949

task_0

-

ERROR

$OIDName (type: string)

$GroupName (type: string)

$GroupGUID (type: string)

$GroupSID (type: string)

$ErrorCode (type: integer)

16950

task_0

-

WARNING

$User (type: string)

$DroppedClaims (type: string)

16951

task_0

-

WARNING

$User (type: string)

$Errorcode (type: integer)

16952

task_0

-

ERROR

$User (type: string)

$Errorcode (type: integer)

16953

task_0

-

ERROR

$NotificationPackage (type: string)

$Registrykey (type: string)

$Registryvalue (type: string)

$Errorcode (type: integer)

16960

task_0

-

INFO

16961

task_0

-

WARNING

16962

task_0

-

INFO

$DefaultSDString (type: string)

16963

task_0

-

INFO

$RegistrySDString (type: string)

16964

task_0

-

WARNING

$MalformedSDString (type: string)

$DefaultSDString (type: string)

16965

task_0

-

WARNING

$ClientSID (type: string)

$ClientNetworkAddress (type: string)

16966

task_0

-

INFO

16967

task_0

-

INFO

16968

task_0

-

WARNING

$ClientSID (type: string)

$ClientNetworkAddress (type: string)

16969

task_0

-

WARNING

$Throttlewindow (type: integer)

$SuppressedMessageCount (type: integer)

16976

task_0

-

ERROR

$Status (type: string)

16977

task_0

-

INFO

$MinimumPasswordLength (type: integer)

$MinimumPasswordLengthAudit (type: integer)

16978

task_0

-

INFO

$AccountName (type: string)

$MinimumPasswordLength (type: integer)

$MinimumPasswordLengthAudit (type: integer)

16979

task_0

-

ERROR

$MinimumPasswordLength (type: integer)

16982

task_0

-

INFO

16983

task_0

-

INFO

16984

task_0

-

INFO

$NumberofRPCmethods (type: integer)

$ThrottleWindow (type: integer)

16985

task_0

-

INFO

$RPCMethod (type: string)

$UserAccountName (type: string)

$ClientSID (type: string)

$ClientNetworkAddress (type: string)

16986

task_0

-

WARNING

$AccountRidHex (type: string)

$AccountRid (type: integer)

$SavedAccountName (type: string)

$DeletedAccountNames (type: string)

16987

task_0

-

WARNING

$AccountRidHex (type: string)

$AccountRid (type: integer)

$DuplicatedAccountNames (type: string)

$RetainedAccountName (type: string)

16990

task_0

-

ERROR

$Accountname (type: string)

$AccountobjectClass (type: string)

$userAccountcontrol (type: integer)

$Calleraddress (type: string)

$CallerSID (type: string)

16991

task_0

-

ERROR

$SamAccountName (type: string)

Microsoft-Windows-DNS-Client

1000

DnsNoServerConfigV4

-

INFO

$Location (type: integer)

$Context (type: integer)

1001

DnsServerForInterface

-

INFO

$Interface (type: string)

$TotalServerCount (type: integer)

$Index (type: integer)

$DynamicAddress (type: integer)

$AddressLength (type: integer)

$Address (type: string)

1002

DnsServerQueryChange

-

INFO

$Interface (type: string)

$AddressLength (type: integer)

$Address (type: string)

1003

DnsServerValidationSuccess

-

INFO

$AddressLength (type: integer)

$Address (type: string)

1005

DnsServerValidationFailure

-

ERROR

$AddressLength (type: integer)

$Address (type: string)

1007

DnsMissingPrimarySuffix

-

ERROR

$ErrorCode (type: integer)

$Location (type: integer)

$Context (type: integer)

1008

DnsMissingPrimarySuffixSystem

-

WARNING

$ErrorCode (type: integer)

$Location (type: integer)

$Context (type: integer)

1009

DnsNonMatchingSuffix

-

ERROR

$DnsSuffix (type: string)

$AdSuffix (type: string)

1010

DnsNonMatchingSuffixSystem

-

WARNING

$DnsSuffix (type: string)

$AdSuffix (type: string)

1011

DnsHostFileError

-

ERROR

$ErrorCode (type: integer)

$Location (type: integer)

$Context (type: integer)

1012

DnsHostFileErrorSystem

-

ERROR

$ErrorCode (type: integer)

$Location (type: integer)

$Context (type: integer)

1013

DnsAllServersTimeout

-

ERROR

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1014

DnsAllServersTimeoutSystem

-

WARNING

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1015

DnsServerTimeout

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1016

DnsNameError

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1017

DnsAuthoritativeResponse

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1018

DnsLinkLocal

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

$DnsAddressLength (type: integer)

$DnsAddress (type: string)

1019

DnsNoServerConfigV6

-

INFO

$Location (type: integer)

$Context (type: integer)

1020

DnsReadPolicyTable

-

INFO

$KeyName (type: string)

$DnsSecValidationRequired (type: integer)

$DnsQueryOverIPSec (type: integer)

$DnsEncryption (type: integer)

$DirectAccessServerList (type: string)

$RemoteIPSEC (type: integer)

$RemoteEncryption (type: integer)

$ProxyType (type: integer)

$ProxyName (type: string)

1021

DnsMatchPolicyInfo

-

INFO

$QueryName (type: string)

$KeyName (type: string)

$DnsSecValidationRequired (type: integer)

$DnsQueryOverIPSec (type: integer)

$DnsEncryption (type: integer)

$DirectAccessServerList (type: string)

$ProxyType (type: integer)

$ProxyName (type: string)

1022

DnsSecureNoFallback

-

INFO

$QueryName (type: string)

1023

DnsPolicySystemReadError

-

ERROR

$RuleName (type: string)

$ErrorCode (type: integer)

1024

DnsQueryBadXid

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1025

DnsQueryInvalidServerIp

-

INFO

$QueryName (type: string)

$AddressLength (type: integer)

$Address (type: string)

1026

DnsQueryInvalidQuestion

-

INFO

$QueryName (type: string)

$ResponseQuestion (type: string)

$AddressLength (type: integer)

$Address (type: string)

1027

task_0

-

INFO

$QueryName (type: string)

1028

DnsMatchPolicyInfo

-

INFO

$QueryName (type: string)

$KeyName (type: string)

$DnsSecValidationRequired (type: integer)

$DnsQueryOverIPSec (type: integer)

$DnsEncryption (type: integer)

$DirectAccessServerList (type: string)

$ProxyType (type: integer)

$ProxyName (type: string)

$GenericServerList (type: string)

$IdnConfig (type: integer)

3000

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

3001

task_0

-

INFO

$Status (type: integer)

3002

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

3003

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$Status (type: integer)

3004

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

3005

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$Status (type: integer)

3006

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

$ServerList (type: string)

$IsNetworkQuery (type: integer)

$NetworkQueryIndex (type: integer)

$InterfaceIndex (type: integer)

$IsAsyncQuery (type: integer)

3007

task_0

-

INFO

$QueryName (type: string)

3008

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

$QueryStatus (type: integer)

$QueryResults (type: string)

3009

task_0

-

INFO

$QueryName (type: string)

$IsParallelNetworkQuery (type: integer)

$NetworkIndex (type: integer)

$InterfaceCount (type: integer)

$AdapterName (type: string)

$LocalAddress (type: string)

$DNSServerAddress (type: string)

3010

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$DnsServerIpAddress (type: string)

3011

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$DnsServerIpAddress (type: string)

$ResponseStatus (type: integer)

3012

task_0

-

INFO

$QueryName (type: string)

$NetworkIndex (type: integer)

$InterfaceCount (type: integer)

$AdapterName (type: string)

$LocalAddress (type: string)

3013

task_0

-

INFO

$QueryName (type: string)

$Status (type: integer)

$QueryResults (type: string)

3014

task_0

-

INFO

$QueryName (type: string)

3015

task_0

-

INFO

$QueryName (type: string)

3016

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

$InterfaceIndex (type: integer)

3018

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$QueryOptions (type: integer)

$Status (type: integer)

$QueryResults (type: string)

3019

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$InterfaceIndex (type: integer)

$NetworkIndex (type: integer)

3020

task_0

-

INFO

$QueryName (type: string)

$QueryType (type: integer)

$NetworkIndex (type: integer)

$InterfaceIndex (type: integer)

$Status (type: integer)

$QueryResults (type: string)

8001

DnsGenericError

-

ERROR

$ErrorCode (type: integer)

8002

DnsGenericError

-

ERROR

$ErrorCode (type: integer)

8003

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8004

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8005

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8006

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8007

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8008

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8009

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8010

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8011

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8012

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8013

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8014

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8015

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8016

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8017

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8018

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8019

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8020

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8021

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8022

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8023

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8024

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8025

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8026

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8027

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8028

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8029

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8030

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8031

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8032

DnsRegistration

-

INFO

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8033

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8034

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8035

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8036

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8037

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8038

DnsRegistration

-

WARNING

$AdapterName (type: string)

$HostName (type: string)

$AdapterSuffixName (type: string)

$DnsServerList (type: string)

$SentUpdateServer (type: string)

$Ipaddress (type: string)

$ErrorCode (type: integer)

8040

DnsInterception

-

WARNING

$DllName (type: string)

8042

DnsInterception

-

ERROR

$DllName (type: string)

60004

DnsNetError

-

ERROR

$ErrorCode (type: integer)

$Location (type: integer)

$Context (type: integer)

60005

DnsNetWarning

-

WARNING

$WarningCode (type: integer)

$Location (type: integer)

$Context (type: integer)

60006

DnsStateTransition

-

INFO

$NextState (type: integer)

$Context (type: integer)

60007

DnsContextUpdate

-

INFO

$Context (type: integer)

$UpdateReasonCode (type: integer)

60008

DnsPolicyReadError

-

ERROR

$RuleName (type: string)

$ErrorCode (type: integer)

60101

DnsV4Tuple

-

INFO

$SourceAddress (type: integer)

$SourcePort (type: integer)

$DestinationAddress (type: integer)

$DestinationPort (type: integer)

$Protocol (type: integer)

$ReferenceContext (type: integer)

60102

DnsV6Tuple

-

INFO

$SourceAddress (type: string)

$SourcePort (type: integer)

$DestinationAddress (type: string)

$DestinationPort (type: integer)

$Protocol (type: integer)

$ReferenceContext (type: integer)

60103

DnsInterfaceInfo

-

INFO

$IfGuid (type: string)

$IfIndex (type: integer)

$IfLuid (type: integer)

$ReferenceContext (type: integer)

Microsoft-Windows-Firewall-CPL

101

FwCplInitialize

win:Start

INFO

102

FwCplInitialize

win:Stop

INFO

103

LoadExceptionsInitialize

win:Start

INFO

104

LoadExceptionsInitialize

win:Stop

INFO

105

SetFirewallOn

win:Start

INFO

106

SetFirewallOn

win:Stop

INFO

107

SetFirewallOff

win:Start

INFO

108

SetFirewallOff

win:Stop

INFO

109

AddAppException

win:Start

INFO

110

AddAppException

win:Stop

INFO

111

AddPortException

win:Start

INFO

112

AddPortException

win:Stop

INFO

113

QUInitialize

win:Start

INFO

114

QUInitialize

win:Stop

INFO

115

QUUnblock

win:Start

INFO

116

QUUnblock

win:Stop

INFO

117

QUAskLater

win:Start

INFO

118

QUAskLater

win:Stop

INFO

Microsoft-Windows-Firewall

6400

task_0

-

ERROR

$CallerProcessName (type: string)

$ProcessId (type: integer)

$Publisher (type: string)

Microsoft-Windows-Kernel-Power

1

PowerTransition

win:Start

CRITICAL

$Reason (type: integer)

$Flags (type: integer)

$Time (type: string)

2

PowerTransition

win:Stop

CRITICAL

$Status (type: integer)

$Time (type: string)

3

QueryApps

PhaseStart

INFO

4

QueryApps

PhaseStop

INFO

$Status (type: integer)

5

QueryServices

PhaseStart

INFO

6

QueryServices

PhaseStop

INFO

$Status (type: integer)

7

Irp

win:Start

INFO

$Irp (type: string)

$PowerStateType (type: integer)

$MinorFunction (type: integer)

$TargetDevice (type: string)

$InstanceNameLength (type: integer)

$InstanceName (type: string)

7

Irp

win:Start

INFO

$Irp (type: string)

$PowerStateType (type: integer)

$MinorFunction (type: integer)

$TargetDevice (type: string)

$InstanceNameLength (type: integer)

$InstanceName (type: string)

$PowerState (type: integer)

8

Irp

win:Stop

INFO

$Irp (type: string)

$Status (type: integer)

$FailedDriver (type: string)

9

QueryApps

Veto

INFO

$Pid (type: integer)

$Window (type: string)

$AppNameLength (type: integer)

$AppName (type: string)

10

QueryServices

Veto

INFO

$Pid (type: integer)

$ServiceNameLength (type: integer)

$ServiceName (type: string)

11

IrpWaiting

-

INFO

$Irp (type: string)

12

QueryApps

win:Start

INFO

$Pid (type: integer)

$NameLength (type: integer)

$Name (type: string)

13

QueryApps

win:Stop

INFO

$Pid (type: integer)

14

QueryServices

win:Start

INFO

$NameLength (type: integer)

$Name (type: string)

15

QueryServices

win:Stop

INFO

$NameLength (type: integer)

$Name (type: string)

16

SuspendApps

win:Start

INFO

$Pid (type: integer)

$NameLength (type: integer)

$Name (type: string)

17

SuspendApps

win:Stop

INFO

$Pid (type: integer)

18

SuspendServices

win:Start

INFO

$NameLength (type: integer)

$Name (type: string)

19

SuspendServices

win:Stop

INFO

$NameLength (type: integer)

$Name (type: string)

20

Driver

win:Start

INFO

$Irp (type: string)

$Device (type: string)

$DriverName (type: string)

21

Driver

win:Stop

INFO

$Irp (type: string)

$Device (type: string)

22

SuspendApps

PhaseStart

INFO

23

SuspendApps

PhaseStop

INFO

24

SuspendServices

PhaseStart

INFO

25

SuspendServices

PhaseStop

INFO

26

ResumeApps

PhaseStart

INFO

27

ResumeServices

PhaseStart

INFO

28

ResumeApps

win:Start

INFO

$Pid (type: integer)

$NameLength (type: integer)

$Name (type: string)

29

ResumeServices

win:Start

INFO

$NameLength (type: integer)

$Name (type: string)

30

QueryFailedApps

-

INFO

31

QueryFailedServices

-

INFO

32

QueryFailedApp

-

INFO

$Pid (type: integer)

$NameLength (type: integer)

$Name (type: string)

33

QueryFailedService

-

INFO

$NameLength (type: integer)

$Name (type: string)

34

Hibernate

-

INFO

$Status (type: integer)

35

SuspendDevices

PhaseStart

INFO

$Query (type: boolean)

$TargetState (type: integer)

$EffectiveState (type: integer)

36

SuspendDevices

PhaseStop

INFO

37

WakeDevices

PhaseStart

INFO

38

WakeDevices

PhaseStop

INFO

39

PowerTransition

-

INFO

$SleepTime (type: integer)

$ResumeTime (type: integer)

$DriverWakeTime (type: integer)

$HiberWriteTime (type: integer)

$HiberReadTime (type: integer)

$HiberPagesWritten (type: integer)

$BiosInitTime (type: integer)

40

QueryDrivers

Veto

INFO

$DriverNameLength (type: integer)

$DriverName (type: string)

$InstanceNameLength (type: integer)

$InstanceName (type: string)

41

DirtyTransition

-

CRITICAL

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter (type: string)

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter1 (type: string)

$BugcheckParameter2 (type: string)

$BugcheckParameter3 (type: string)

$BugcheckParameter4 (type: string)

$SleepInProgress (type: boolean)

$PowerButtonTimestamp (type: integer)

$BootAppStatus (type: integer)

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter1 (type: string)

$BugcheckParameter2 (type: string)

$BugcheckParameter3 (type: string)

$BugcheckParameter4 (type: string)

$SleepInProgress (type: integer)

$PowerButtonTimestamp (type: integer)

$BootAppStatus (type: integer)

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter1 (type: string)

$BugcheckParameter2 (type: string)

$BugcheckParameter3 (type: string)

$BugcheckParameter4 (type: string)

$SleepInProgress (type: integer)

$PowerButtonTimestamp (type: integer)

$BootAppStatus (type: integer)

$Checkpoint (type: integer)

$ConnectedStandbyInProgress (type: boolean)

$SystemSleepTransitionsToOn (type: integer)

$CsEntryScenarioInstanceId (type: integer)

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter1 (type: string)

$BugcheckParameter2 (type: string)

$BugcheckParameter3 (type: string)

$BugcheckParameter4 (type: string)

$SleepInProgress (type: integer)

$PowerButtonTimestamp (type: integer)

$BootAppStatus (type: integer)

$Checkpoint (type: integer)

$ConnectedStandbyInProgress (type: boolean)

$SystemSleepTransitionsToOn (type: integer)

$CsEntryScenarioInstanceId (type: integer)

$BugcheckInfoFromEFI (type: boolean)

41

DirtyTransition

-

CRITICAL

$BugcheckCode (type: integer)

$BugcheckParameter1 (type: string)

$BugcheckParameter2 (type: string)

$BugcheckParameter3 (type: string)

$BugcheckParameter4 (type: string)

$SleepInProgress (type: integer)

$PowerButtonTimestamp (type: integer)

$BootAppStatus (type: integer)

$Checkpoint (type: integer)

$ConnectedStandbyInProgress (type: boolean)

$SystemSleepTransitionsToOn (type: integer)

$CsEntryScenarioInstanceId (type: integer)

$BugcheckInfoFromEFI (type: boolean)

$CheckpointStatus (type: integer)

42

PreSleepNotification

-

INFO

$TargetState (type: integer)

$EffectiveState (type: integer)

42

PreSleepNotification

-

INFO

$TargetState (type: integer)

$EffectiveState (type: integer)

$Reason (type: integer)

$Flags (type: integer)

42

PreSleepNotification

-

INFO

$TargetState (type: integer)

$EffectiveState (type: integer)

$Reason (type: integer)

$Flags (type: integer)

$TransitionsToOn (type: integer)

43

ZeroHiberFile

win:Start

INFO

44

ZeroHiberFile

win:Stop

INFO

45

FlushVolumes

win:Start

INFO

46

FlushVolumes

win:Stop

INFO

47

GracefulShutdown

win:Start

INFO

48

GracefulShutdown

win:Stop

INFO

49

ZeroPageFile

win:Start

INFO

50

ZeroPageFile

win:Stop

INFO

51

IoShutdownSystem

win:Start

INFO

52

IoShutdownSystem

win:Stop

INFO

53

WaitForProcesses

win:Start

INFO

54

WaitForProcesses

win:Stop

INFO

55

CmShutdownSystem

win:Start

INFO

56

CmShutdownSystem

win:Stop

INFO

57

ShowUI

PhaseStart

INFO

58

ShowUI

PhaseStop

INFO

59

AwayMode

-

INFO

60

UserQueryAllowed

-

INFO

$Value (type: boolean)

61

KernelQueryAllowed

-

INFO

$Value (type: boolean)

62

SetExecutionState

-

INFO

$ExecutionState (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

62

SetExecutionState

-

INFO

$ExecutionState (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

$Pid (type: integer)

$Tid (type: integer)

63

SystemTimeResolutionChange

-

INFO

$ExecutionState (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

63

SystemTimeResolutionChange

-

INFO

$RequestedResolution (type: integer)

$Pid (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

$SubProcessTag (type: integer)

64

Superfetch

PhaseStart

INFO

65

Superfetch

PhaseStop

INFO

66

Winlogon

PhaseStart

INFO

67

Winlogon

PhaseStop

INFO

68

PreSleepCallbacks

PhaseStart

INFO

69

PreSleepCallbacks

PhaseStop

INFO

70

HideUI

PhaseStart

INFO

71

HideUI

PhaseStop

INFO

72

IdleCheck

-

INFO

$Threshold (type: integer)

$LowestIdleness (type: integer)

$AverageIdleness (type: integer)

$AccruedIdleTime (type: integer)

$NonIdleIgnored (type: boolean)

$IdleToSleep (type: boolean)

$NonIdleReferences (type: boolean)

73

SetSystemState

-

INFO

$ExecutionState (type: integer)

74

RegisterSystemState

-

INFO

$ExecutionState (type: integer)

$StateHandle (type: string)

75

DeviceIdle

win:Start

INFO

76

DeviceIdle

win:Stop

INFO

77

DeviceIdleCheck

-

INFO

$Device (type: string)

$Pdo (type: string)

$InstancePathLength (type: integer)

$InstancePath (type: string)

$ConservativeTimeout (type: integer)

$PerformanceTimeout (type: integer)

$IdleTime (type: integer)

$BusyCount (type: integer)

$TotalBusyCount (type: integer)

$IdlePowerState (type: integer)

$CurrentPowerState (type: integer)

78

DiskIdleCheck

-

INFO

$Device (type: string)

$Timeout (type: integer)

$IgnoreThreshold (type: integer)

$IdleTime (type: integer)

$NonIdleTime (type: integer)

79

SkipTick

-

INFO

$Disabled (type: boolean)

$Overridden (type: boolean)

80

CoolingModeChange

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$CoolingModeLength (type: integer)

$CoolingMode (type: string)

81

PassiveCoolingDiagnostic

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingStateLength (type: integer)

$PassiveCoolingState (type: string)

$AffinityCount (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

$_PSL (type: boolean)

82

PassiveCoolingOperational

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingStateLength (type: integer)

$PassiveCoolingState (type: string)

$AffinityCount (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

$_PSL (type: boolean)

83

ActiveCoolingDiagnostic

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$ActiveCoolingStateLength (type: integer)

$ActiveCoolingState (type: string)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_TMP (type: integer)

84

ActiveCoolingOperational

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$ActiveCoolingStateLength (type: integer)

$ActiveCoolingState (type: string)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_TMP (type: integer)

85

CriticalTripPointExceededDiagnostic

-

ERROR

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$ShutdownTime (type: string)

$_CRT (type: integer)

86

CriticalTripPointExceededSystem

-

ERROR

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$ShutdownTime (type: string)

$_CRT (type: integer)

87

S4TripPointExceededDiagnostic

-

ERROR

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$HibernateTime (type: string)

$_HOT (type: integer)

88

S4TripPointExceededSystem

-

ERROR

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$HibernateTime (type: string)

$_HOT (type: integer)

89

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$AffinityCount (type: integer)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

$_PSL (type: string)

90

IllegalProcessorThrottleDiagnostic

-

WARNING

$ProcessorId (type: integer)

$ThrottleMSR (type: string)

$ElapsedTime (type: integer)

$LogInterval (type: integer)

91

IllegalProcessorThrottleOperational

-

WARNING

$ProcessorId (type: integer)

$ThrottleMSR (type: string)

$ElapsedTime (type: integer)

$LogInterval (type: integer)

92

CreatePowerRequest

-

INFO

$Token (type: string)

$Type (type: integer)

$ProcessID (type: integer)

$SessionID (type: integer)

$Legacy (type: boolean)

$SystemAllowed (type: boolean)

$DisplayAllowed (type: boolean)

$AwayModeAllowed (type: boolean)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$Caller (type: string)

$Context (type: string)

92

CreatePowerRequest

-

INFO

$Token (type: string)

$Type (type: integer)

$ProcessID (type: integer)

$SessionID (type: integer)

$Legacy (type: boolean)

$SystemAllowed (type: boolean)

$DisplayAllowed (type: boolean)

$AwayModeAllowed (type: boolean)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$Caller (type: string)

$Context (type: string)

$ExecutionRequiredAllowed (type: boolean)

$PerformanceBoostAllowed (type: boolean)

$FullScreenVideoAllowed (type: boolean)

$ExecutionRequiredCount (type: integer)

$PerformanceBoostCount (type: integer)

$FullScreenVideoCount (type: integer)

93

ChangePowerRequest

-

INFO

$Token (type: string)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

93

ChangePowerRequest

-

INFO

$Token (type: string)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

$ExecutionRequiredCount (type: integer)

$PerformanceBoostCount (type: integer)

$FullScreenVideoCount (type: integer)

94

ClosePowerRequest

-

INFO

$Token (type: string)

95

SystemTimeResolutionUpdate

-

INFO

$NewResolution (type: integer)

96

SystemTimeResolutionRundown

-

INFO

$CurrentPeriod (type: integer)

$MinimumPeriod (type: integer)

$MaximumPeriod (type: integer)

$KernelRequestCount (type: integer)

$KernelRequestedPeriod (type: integer)

96

SystemTimeResolutionRundown

-

INFO

$CurrentPeriod (type: integer)

$MinimumPeriod (type: integer)

$MaximumPeriod (type: integer)

$KernelRequestCount (type: integer)

$KernelRequestedPeriod (type: integer)

$InternalSetPeriod (type: integer)

97

SystemTimeResolutionRequestRundown

-

INFO

$RequestedPeriod (type: integer)

$Pid (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

98

SystemTimeResolutionKernelChange

-

INFO

$RequestedResolution (type: integer)

98

SystemTimeResolutionKernelChange

-

INFO

$RequestedResolution (type: integer)

$Tag (type: integer)

99

PowerRequestRundown

-

INFO

$Token (type: string)

$Type (type: integer)

$ProcessID (type: integer)

$SessionID (type: integer)

$Legacy (type: boolean)

$SystemAllowed (type: boolean)

$DisplayAllowed (type: boolean)

$AwayModeAllowed (type: boolean)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$Caller (type: string)

$Context (type: string)

99

PowerRequestRundown

-

INFO

$Token (type: string)

$Type (type: integer)

$ProcessID (type: integer)

$SessionID (type: integer)

$Legacy (type: boolean)

$SystemAllowed (type: boolean)

$DisplayAllowed (type: boolean)

$AwayModeAllowed (type: boolean)

$SystemCount (type: integer)

$DisplayCount (type: integer)

$AwayModeCount (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$Caller (type: string)

$Context (type: string)

$ExecutionRequiredAllowed (type: boolean)

$PerformanceBoostAllowed (type: boolean)

$FullScreenVideoAllowed (type: boolean)

$ExecutionRequiredCount (type: integer)

$PerformanceBoostCount (type: integer)

$FullScreenVideoCount (type: integer)

100

FlushAllPages

PhaseStart

INFO

101

FlushAllPages

PhaseStop

INFO

102

BuildNotifyList

PhaseStart

INFO

103

BuildNotifyList

PhaseStop

INFO

104

SleepDisableReasonRundown

-

INFO

$AffectedState (type: integer)

$PowerReasonCode (type: integer)

$PowerReasonLength (type: integer)

$PowerReasonInfo (type: string)

105

AcDcStateChange

-

INFO

$AcOnline (type: boolean)

105

AcDcStateChange

-

INFO

$AcOnline (type: boolean)

$RemainingCapacity (type: integer)

$FullChargeCapacity (type: integer)

106

AcDcStateRundown

-

INFO

$AcOnline (type: boolean)

107

PostSleepNotification

-

INFO

$TargetState (type: integer)

$EffectiveState (type: integer)

$WakeFromState (type: integer)

107

PostSleepNotification

-

INFO

$TargetState (type: integer)

$EffectiveState (type: integer)

$WakeFromState (type: integer)

$ProgrammedWakeTimeAc (type: string)

$ProgrammedWakeTimeDc (type: string)

$WakeRequesterTypeAc (type: integer)

$WakeRequesterTypeDc (type: integer)

108

PowerTransition

-

INFO

$CopyBytes (type: integer)

$ElapsedTime (type: integer)

$IoTime (type: integer)

$InitTime (type: integer)

$CopyTime (type: integer)

$PagesWritten (type: integer)

$PagesProcessed (type: integer)

$DumpCount (type: integer)

$FileRuns (type: integer)

$ReadTime (type: integer)

$ResumeAppTime (type: integer)

$CompressTime (type: integer)

109

ShutdownAction

-

INFO

$ShutdownActionType (type: integer)

$ShutdownEventCode (type: integer)

$ShutdownReason (type: integer)

110

SystemTimerResolutionStackRundown

-

INFO

$RequestedPeriod (type: integer)

$Pid (type: integer)

$AppNameLength (type: integer)

$AppName (type: string)

$StackSize (type: integer)

$Stack (type: string)

111

PowerSettingRundown

-

INFO

$SettingGuid (type: string)

$DataSize (type: integer)

$Data (type: string)

111

PowerSettingRundown

-

INFO

$SettingGuid (type: string)

$DataSize (type: integer)

$Data (type: string)

$Override (type: boolean)

112

PowerSettingChange

-

INFO

$SettingGuid (type: string)

$DataSize (type: integer)

$Data (type: string)

112

PowerSettingChange

-

INFO

$SettingGuid (type: string)

$DataSize (type: integer)

$Data (type: string)

$Override (type: boolean)

113

PassiveCoolingDiagnostic

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingState (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

113

PassiveCoolingDiagnostic

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingState (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

$MinimumThrottle (type: integer)

114

PassiveCoolingOperational

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingState (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

114

PassiveCoolingOperational

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$PassiveCoolingState (type: integer)

$_PSV (type: integer)

$_TMP (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$DeltaP (type: integer)

$MinimumThrottle (type: integer)

115

ActiveCoolingDiagnostic

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$ActiveCoolingState (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_TMP (type: integer)

116

ActiveCoolingOperational

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$EventTime (type: string)

$ActiveCoolingState (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_TMP (type: integer)

117

PowerTransition

-

INFO

$TotalResumeTime (type: integer)

$POSTTime (type: integer)

$ResumeBootMgrTime (type: integer)

$ResumeAppTime (type: integer)

$ResumeAppStartTime (type: integer)

$ResumeLibraryInitTime (type: integer)

$ResumeInitTime (type: integer)

$ResumeHiberFileTime (type: integer)

$ResumeRestoreImageStartTimestamp (type: integer)

$ResumeIoTime (type: integer)

$ResumeDecompressTime (type: integer)

$ResumeMapTime (type: integer)

$ResumeUnmapTime (type: integer)

$ResumeUserInOutTime (type: integer)

$ResumeAllocateTime (type: integer)

$ResumeKernelSwitchTimestamp (type: integer)

$KernelReturnFromHandlerTimestamp (type: integer)

$SleeperThreadEndTimestamp (type: integer)

$TimeStampCounterAtSwitchTime (type: integer)

$KernelReturnSystemPowerStateTimestamp (type: integer)

$HiberHiberFileTime (type: integer)

$InitTime (type: integer)

$HiberSharedBufferTime (type: integer)

$TotalHibernateTime (type: integer)

$KernelResumeHiberFileTime (type: integer)

$KernelResumeInitTime (type: integer)

$KernelResumeSharedBufferTime (type: integer)

$DeviceResumeTime (type: integer)

$KernelAnimationTime (type: integer)

$KernelPagesProcessed (type: integer)

$KernelPagesWritten (type: integer)

$BootPagesProcessed (type: integer)

$BootPagesWritten (type: integer)

$HiberWriteRate (type: integer)

$HiberCompressRate (type: integer)

$ResumeReadRate (type: integer)

$ResumeDecompressRate (type: integer)

$FileRuns (type: integer)

$NoMultiStageResumeReason (type: integer)

$MaxHuffRatio (type: integer)

117

PowerTransition

-

INFO

$TotalResumeTime (type: integer)

$POSTTime (type: integer)

$ResumeBootMgrTime (type: integer)

$ResumeAppTime (type: integer)

$ResumeAppStartTime (type: integer)

$ResumeLibraryInitTime (type: integer)

$ResumeInitTime (type: integer)

$ResumeHiberFileTime (type: integer)

$ResumeRestoreImageStartTimestamp (type: integer)

$ResumeIoTime (type: integer)

$ResumeDecompressTime (type: integer)

$ResumeMapTime (type: integer)

$ResumeUnmapTime (type: integer)

$ResumeUserInOutTime (type: integer)

$ResumeAllocateTime (type: integer)

$ResumeKernelSwitchTimestamp (type: integer)

$KernelReturnFromHandlerTimestamp (type: integer)

$SleeperThreadEndTimestamp (type: integer)

$TimeStampCounterAtSwitchTime (type: integer)

$KernelReturnSystemPowerStateTimestamp (type: integer)

$HiberHiberFileTime (type: integer)

$InitTime (type: integer)

$HiberSharedBufferTime (type: integer)

$TotalHibernateTime (type: integer)

$KernelResumeHiberFileTime (type: integer)

$KernelResumeInitTime (type: integer)

$KernelResumeSharedBufferTime (type: integer)

$DeviceResumeTime (type: integer)

$KernelAnimationTime (type: integer)

$KernelPagesProcessed (type: integer)

$KernelPagesWritten (type: integer)

$BootPagesProcessed (type: integer)

$BootPagesWritten (type: integer)

$HiberWriteRate (type: integer)

$HiberCompressRate (type: integer)

$ResumeReadRate (type: integer)

$ResumeDecompressRate (type: integer)

$FileRuns (type: integer)

$NoMultiStageResumeReason (type: integer)

$MaxHuffRatio (type: integer)

$SecurePagesProcessed (type: integer)

$HiberChecksumTime (type: integer)

$HiberChecksumIoTime (type: integer)

$ResumeChecksumTime (type: integer)

$ResumeChecksumIoTime (type: integer)

$KernelChecksumTime (type: integer)

$KernelChecksumIoTime (type: integer)

118

IdleResiliencyStart

-

INFO

$RequestedResolution (type: integer)

$Flags (type: integer)

$Ticks (type: integer)

119

IdleResiliencyEnd

-

INFO

$RequestedResolution (type: integer)

$Flags (type: integer)

$Ticks (type: integer)

120

PowerTransition

-

INFO

$HiberfileSizeKB (type: integer)

$TotalHibernateTime (type: integer)

$HiberHiberFileTime (type: integer)

121

PowerTransition

-

INFO

$DriverWakeTime (type: integer)

$TotalResumeTime (type: integer)

$BiosInitTime (type: integer)

121

PowerTransition

-

INFO

$DriverWakeTime (type: integer)

$TotalResumeTime (type: integer)

$BiosInitTime (type: integer)

$ResumeAppsTime (type: integer)

$ResumeServicesTime (type: integer)

122

PowerTransition

-

INFO

$TotalResumeTime (type: integer)

$PhasePagesWrittenMB (type: integer)

$ResumeAppAndKernelResumeHiberFileTime (type: integer)

$POSTAndDeviceResumeTime (type: integer)

$RatesAndResumeAppsServicesTime (type: integer)

$PhasePagesProcessedMB (type: integer)

123

PowerTransition

-

INFO

$HiberfileSize (type: integer)

$TotalHybridShutdownTime (type: integer)

$HiberfileCreateTime (type: integer)

$SystemShutdownTime (type: integer)

124

PowerTransition

-

INFO

$TotalResumeTime (type: integer)

$PhasePagesWrittenMB (type: integer)

$ResumeAppAndKernelResumeHiberFileTime (type: integer)

$POSTAndDeviceResumeTime (type: integer)

$RatesAndResumeAppsServicesTime (type: integer)

$PhasePagesProcessedMB (type: integer)

125

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

125

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

$MinimumThrottle (type: integer)

125

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

$MinimumThrottle (type: integer)

$_CR3 (type: integer)

$OverThrottleThreshold (type: integer)

125

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

$MinimumThrottle (type: integer)

$_CR3 (type: integer)

$OverThrottleThreshold (type: integer)

$DescriptionLength (type: integer)

$Description (type: string)

125

ThermalZoneEnumerated

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$_PSV (type: integer)

$_TC1 (type: integer)

$_TC2 (type: integer)

$_TSP (type: integer)

$_AC0 (type: integer)

$_AC1 (type: integer)

$_AC2 (type: integer)

$_AC3 (type: integer)

$_AC4 (type: integer)

$_AC5 (type: integer)

$_AC6 (type: integer)

$_AC7 (type: integer)

$_AC8 (type: integer)

$_AC9 (type: integer)

$_CRT (type: integer)

$_HOT (type: integer)

$MinimumThrottle (type: integer)

$_CR3 (type: integer)

$OverThrottleThreshold (type: integer)

$DescriptionLength (type: integer)

$Description (type: string)

$_TZP (type: integer)

126

task_0

-

INFO

$Level (type: integer)

$MinorFunction (type: integer)

127

task_0

-

INFO

$Level (type: integer)

$MinorFunction (type: integer)

128

task_0

-

INFO

$Level (type: integer)

$MinorFunction (type: integer)

129

task_0

-

INFO

$Level (type: integer)

$MinorFunction (type: integer)

130

PowerTransition

-

INFO

$SuspendStart (type: integer)

$SuspendEnd (type: integer)

131

PowerTransition

-

INFO

$ResumeCount (type: integer)

$FullResume (type: integer)

$AverageResume (type: integer)

132

FirmwarePlatformRoleRundown

-

INFO

$PlatformRole (type: integer)

133

ResumeApps

PhaseStop

INFO

134

ResumeServices

PhaseStop

INFO

135

task_0

-

INFO

$DisplayState (type: integer)

136

DeviceRundown

-

INFO

$DeviceNode (type: string)

$PowerState (type: integer)

$InstancePathLength (type: integer)

$InstancePath (type: string)

$FriendlyNameLength (type: integer)

$FriendlyName (type: string)

137

task_0

-

ERROR

$SleepState (type: integer)

138

ThermalPerfTrack

-

INFO

$Throttle (type: integer)

$Temperature (type: integer)

$ZoneLength (type: integer)

$Zone (type: string)

139

ThermalDurationPerfTrack

-

INFO

$ThrottleDuration (type: integer)

$ZoneLength (type: integer)

$Zone (type: string)

140

CsConsumptionPerfTrack

-

INFO

$EnergyDrain (type: integer)

$Duration (type: integer)

$DripsTransitions (type: integer)

$Flags (type: integer)

141

CsFanPerfTrack

-

INFO

$FanDuration (type: integer)

$ActivationDelay (type: integer)

142

AbnormalReset

-

CRITICAL

$ResetReasonMask (type: integer)

143

CsDripsWatchdogPerfTrack

-

INFO

$ResiliencyPhaseNonActivatedNoDripsMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$ActionsTakenAndOnAc (type: integer)

144

ThermalEvent

-

INFO

$InitiatorLength (type: integer)

$Initiator (type: string)

$Type (type: integer)

$Temperature (type: integer)

$TripPointTemperature (type: integer)

145

ThermalZoneRundown

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$ActiveCoolingState (type: integer)

$ActivePoint (type: integer)

$PassiveCoolingState (type: integer)

$ThrottleLimit (type: integer)

145

ThermalZoneRundown

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$ActiveCoolingState (type: integer)

$ActivePoint (type: integer)

$PassiveCoolingState (type: integer)

$ThrottleLimit (type: integer)

$ThermalStandby (type: boolean)

$OverThrottled (type: boolean)

145

ThermalZoneRundown

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$ActiveCoolingState (type: integer)

$ActivePoint (type: integer)

$PassiveCoolingState (type: integer)

$ThrottleLimit (type: integer)

$ThermalStandby (type: boolean)

$OverThrottled (type: boolean)

$DescriptionLength (type: integer)

$Description (type: string)

146

PowerSettingCallback

win:Start

INFO

$Callback (type: string)

$SettingGuid (type: string)

$DataSize (type: integer)

$Data (type: string)

147

PowerSettingCallback

win:Stop

INFO

$Callback (type: string)

$SettingGuid (type: string)

148

EnergySaverState

-

INFO

$State (type: integer)

$Reason (type: integer)

149

SessionDisplayOff

-

INFO

$Session (type: integer)

$Console (type: boolean)

$Reason (type: integer)

150

SessionDisplayOn

-

INFO

$Session (type: integer)

$Console (type: boolean)

$Reason (type: integer)

151

CoolingExtensionAdd

-

INFO

$PassiveSupported (type: boolean)

$ActiveSupported (type: boolean)

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

152

CoolingExtensionRundown

-

INFO

$PassiveSupported (type: boolean)

$ActiveSupported (type: boolean)

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

153

CoolingExtensionRemove

-

INFO

$PassiveSupported (type: boolean)

$ActiveSupported (type: boolean)

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

154

CoolingExtensionPassiveUpdate

-

INFO

$Throttle (type: integer)

$Token (type: string)

155

CoolingExtensionActiveUpdate

-

INFO

$ActiveEngaged (type: boolean)

$Token (type: string)

156

ThermalRequestAdd

-

INFO

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$PolicyLength (type: integer)

$DeviceId (type: string)

$Caller (type: string)

$Context (type: string)

$Policy (type: string)

157

ThermalRequestRundown

-

INFO

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$PolicyLength (type: integer)

$DeviceId (type: string)

$Caller (type: string)

$Context (type: string)

$Policy (type: string)

158

ThermalRequestRemove

-

INFO

$Throttle (type: integer)

$ActiveEngaged (type: boolean)

$Token (type: string)

$DeviceIdLength (type: integer)

$CallerLength (type: integer)

$ContextLength (type: integer)

$PolicyLength (type: integer)

$DeviceId (type: string)

$Caller (type: string)

$Context (type: string)

$Policy (type: string)

159

ThermalRequestPassiveUpdate

-

INFO

$Throttle (type: integer)

$Token (type: string)

160

ThermalRequestActiveUpdate

-

INFO

$ActiveEngaged (type: boolean)

$Token (type: string)

161

CsDripsWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDripsMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$EnergyDrainMw (type: integer)

$DeviceConstraint (type: boolean)

$ActionsTaken (type: integer)

$DeviceServiceNameLength (type: integer)

$DeviceServiceName (type: string)

$ChildServiceNameLength (type: integer)

$ChildServiceName (type: string)

161

CsDripsWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDripsMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$EnergyDrainMw (type: integer)

$DeviceConstraint (type: boolean)

$ActionsTaken (type: integer)

$DeviceServiceNameLength (type: integer)

$DeviceServiceName (type: string)

$ChildServiceNameLength (type: integer)

$ChildServiceName (type: string)

$PepPreVeto (type: integer)

161

CsDripsWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDripsMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$EnergyDrainMw (type: integer)

$DeviceConstraint (type: boolean)

$ActionsTaken (type: integer)

$DeviceServiceNameLength (type: integer)

$DeviceServiceName (type: string)

$ChildServiceNameLength (type: integer)

$ChildServiceName (type: string)

$PepPreVeto (type: integer)

$InvocationCount (type: integer)

161

CsDripsWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDripsMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$EnergyDrainMw (type: integer)

$DeviceConstraint (type: boolean)

$ActionsTaken (type: integer)

$DeviceServiceNameLength (type: integer)

$DeviceServiceName (type: string)

$ChildServiceNameLength (type: integer)

$ChildServiceName (type: string)

$PepPreVeto (type: integer)

$InvocationCount (type: integer)

162

ThermalZoneThermalStandbyUpdate

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$Engaged (type: boolean)

163

ThermalZoneOverthrottledUpdate

-

INFO

$ThermalZoneDeviceInstanceLength (type: integer)

$ThermalZoneDeviceInstance (type: string)

$Engaged (type: boolean)

164

ThermalStandbyNotification

-

INFO

165

SystemIdle

-

INFO

$IdleInformationUpdated (type: boolean)

$TimeoutSource (type: integer)

$Action (type: integer)

$MinState (type: integer)

$Timeout (type: integer)

$Flags (type: integer)

165

SystemIdle

-

INFO

$IdleInformationUpdated (type: boolean)

$TimeoutSource (type: integer)

$Action (type: integer)

$MinState (type: integer)

$Timeout (type: integer)

$Flags (type: integer)

$Reason (type: integer)

166

SystemIdle

-

INFO

$AccumulatedIdleTime (type: integer)

$SystemIdle (type: boolean)

$Flags (type: integer)

$Action (type: integer)

$MinState (type: integer)

$DozeS4Timeout (type: integer)

166

SystemIdle

-

INFO

$AccumulatedIdleTime (type: integer)

$SystemIdle (type: boolean)

$Flags (type: integer)

$Action (type: integer)

$MinState (type: integer)

$DozeS4Timeout (type: integer)

$PredictedUserReturnTime (type: string)

167

SystemIdle

-

INFO

$Reason (type: integer)

$S0LowPowerDozeTimerCancelled (type: boolean)

168

SystemIdle

-

INFO

$CancelledDueToUserInput (type: boolean)

169

SystemIdle

win:Start

INFO

$Source (type: integer)

$Time (type: string)

170

SystemIdle

win:Stop

INFO

$Reason (type: integer)

171

CsDeepSleepWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDeepSleepMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$ActionsTaken (type: integer)

$PowerSettingPending (type: boolean)

171

CsDeepSleepWatchdog

-

INFO

$ResiliencyPhaseNonActivatedNoDeepSleepMs (type: integer)

$NonActivatedCpuTimeMs (type: integer)

$DurationThisPeriodMs (type: integer)

$OnAc (type: boolean)

$ActionsTaken (type: integer)

$PowerSettingPending (type: boolean)

172

StandbyConnectivityUpdate

-

INFO

$State (type: integer)

$Reason (type: integer)

173

FlushSleepStudyLogger

win:Start

INFO

174

FlushSleepStudyLogger

win:Stop

INFO

175

StandbyConnectivityRundown

-

INFO

$State (type: integer)

$Reason (type: integer)

176

CsComplianceRundown

-

INFO

$Type (type: integer)

$State (type: integer)

177

CsComplianceUpdate

-

INFO

$Type (type: integer)

$State (type: integer)

178

BackgroundActivityPolicyUpdate

-

INFO

$PreviousPolicy (type: integer)

$NewPolicy (type: integer)

179

ForceIdleStateChange

-

INFO

$PrevState (type: integer)

$NewState (type: integer)

180

ForceIdleReset

-

INFO

$Reason (type: integer)

181

DeepSleepSetConstraint

-

INFO

$Constraint (type: integer)

182

DeepSleepClearConstraint

-

INFO

$Constraint (type: integer)

183

DeepSleepConstraintRundown

-

INFO

$ConstraintCount (type: integer)

$Constraints (type: string)

184

IRTimerExpiries

-

INFO

$ExpiryCount (type: integer)

$RelativeId (type: integer)

$ComponentName (type: string)

185

RtcWakeInfo

-

INFO

$WokeSystem (type: boolean)

$RejectReason (type: integer)

$Uncertain (type: boolean)

$Spurious (type: boolean)

$FixedWakeSourceMask (type: integer)

$AcAlarmSignaled (type: boolean)

$DcAlarmSignaled (type: boolean)

$RtcSignaled (type: boolean)

$AcProgrammedTime (type: string)

$DcProgrammedTime (type: string)

$UsingAcTime (type: boolean)

$WakeTime (type: string)

$AdjustedWakeTime (type: string)

$FullWake (type: boolean)

186

Irp

Pended

INFO

$Irp (type: string)

187

NtInitiatePowerActionApiCall

-

INFO

$ApiCallerNameLength (type: integer)

$ApiCallerName (type: string)

$SystemAction (type: integer)

$LightestSystemState (type: integer)

200

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmSid (type: string)

$SqmWindowsSessionId (type: integer)

$SqmSessionFlags (type: integer)

201

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

202

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmDWORDDatapointValue (type: integer)

203

task_0

win:Stop

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmDWORDDatapointValue (type: integer)

204

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmDWORDDatapointValue (type: integer)

205

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmDWORDDatapointValue (type: integer)

206

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmDWORDDatapointValue (type: integer)

207

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmStringDatapointValue (type: string)

208

task_0

-

INFO

$SqmType (type: integer)

$SqmSessionGuid (type: string)

$SqmID (type: integer)

$SqmStreamRowLength (type: integer)

$SqmStreamRow (type: integer)

300

PluginRegistration

-

INFO

$Plugin (type: string)

$Attributes (type: integer)

301

PluginRegistrationRundown

-

INFO

$Plugin (type: string)

$Attributes (type: integer)

302

DevicePreparation

-

INFO

$Token (type: string)

$Plugin (type: string)

$IdLength (type: integer)

$Id (type: string)

$Prepared (type: boolean)

303

DeviceRegistration

-

INFO

$Token (type: string)

$Plugin (type: string)

$PowerState (type: integer)

$Status (type: integer)

$IdLength (type: integer)

$Id (type: string)

$ComponentCount (type: integer)

303

DeviceRegistration

-

INFO

$Token (type: string)

$Plugin (type: string)

$PowerState (type: integer)

$Status (type: integer)

$IdLength (type: integer)

$Id (type: string)

$ComponentCount (type: integer)

$VetoMasks (type: integer)

304

DeviceRegistrationRundown

-

INFO

$Token (type: string)

$Plugin (type: string)

$PowerState (type: integer)

$Status (type: integer)

$IdLength (type: integer)

$Id (type: string)

$ComponentCount (type: integer)

304

DeviceRegistrationRundown

-

INFO

$Token (type: string)

$Plugin (type: string)

$PowerState (type: integer)

$Status (type: integer)

$IdLength (type: integer)

$Id (type: string)

$ComponentCount (type: integer)

$VetoMasks (type: integer)

305

DeviceUnregistration

-

INFO

$Token (type: string)

306

StartDevicePowerManagement

-

INFO

$Token (type: string)

307

DevicePowerRequirementToDevice

-

INFO

$Token (type: string)

$PowerRequired (type: boolean)

308

DevicePowerState

-

INFO

$Token (type: string)

$PowerState (type: integer)

309

DevicePowered

-

INFO

$Token (type: string)

310

ComponentRegistration

-

INFO

$Token (type: string)

$Component (type: integer)

$Active (type: boolean)

$IdleState (type: integer)

$IdleStateCount (type: integer)

$IdleStates (type: integer)

310

ComponentRegistration

-

INFO

$Token (type: string)

$Component (type: integer)

$Active (type: boolean)

$IdleState (type: integer)

$IdleStateCount (type: integer)

$IdleStates (type: integer)

311

ComponentRegistrationRundown

-

INFO

$Token (type: string)

$Component (type: integer)

$Active (type: boolean)

$IdleState (type: integer)

$IdleStateCount (type: integer)

$IdleStates (type: integer)

311

ComponentRegistrationRundown

-

INFO

$Token (type: string)

$Component (type: integer)

$Active (type: boolean)

$IdleState (type: integer)

$IdleStateCount (type: integer)

$IdleStates (type: integer)

312

ComponentCondition

-

INFO

$Token (type: string)

$Component (type: integer)

$Active (type: boolean)

313

ComponentIdleState

-

INFO

$Token (type: string)

$Component (type: integer)

$IdleState (type: integer)

314

ComponentLatency

-

INFO

$Token (type: string)

$Component (type: integer)

$Latency (type: integer)

315

ComponentResidency

-

INFO

$Token (type: string)

$Component (type: integer)

$Residency (type: integer)

316

ComponentWake

-

INFO

$Token (type: string)

$Component (type: integer)

$ArmedForWake (type: boolean)

317

DevicePowerRequirementFromPep

-

INFO

$Token (type: string)

$PowerRequired (type: boolean)

318

DeviceIdleConstraints

-

INFO

$Token (type: string)

$StateCount (type: integer)

$MinimumDStates (type: integer)

319

ComponentIdleConstraints

-

INFO

$Token (type: string)

$Component (type: integer)

$StateCount (type: integer)

$MinimumFStates (type: integer)

320

DeviceVerboseRundown

-

INFO

$DeviceNode (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

$InstancePathLength (type: integer)

$InstancePath (type: string)

$ServiceNameLength (type: integer)

$ServiceName (type: string)

$PlatformStateDependents (type: integer)

320

DeviceVerboseRundown

-

INFO

$DeviceNode (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

$InstancePathLength (type: integer)

$InstancePath (type: string)

$ServiceNameLength (type: integer)

$ServiceName (type: string)

$PlatformStateDependents (type: integer)

$Pdo (type: string)

$ParentDeviceNode (type: string)

320

DeviceVerboseRundown

-

INFO

$DeviceNode (type: string)

$DeviceIdLength (type: integer)

$DeviceId (type: string)

$InstancePathLength (type: integer)

$InstancePath (type: string)

$ServiceNameLength (type: integer)

$ServiceName (type: string)

$PlatformStateDependents (type: integer)

$Pdo (type: string)

$ParentDeviceNode (type: string)

$Flags (type: integer)

321

PerformanceStateRegistration

-

INFO

$Token (type: string)

$Component (type: integer)

$SetCount (type: integer)

322

PerformanceStateRegistrationRundown

-

INFO

$Token (type: string)

$Component (type: integer)

$SetCount (type: integer)

323

PerformanceStateSetRegistration

-

INFO

$Token (type: string)

$Component (type: integer)

$Set (type: integer)

$NameLength (type: integer)

$Name (type: string)

$Type (type: integer)

$Unit (type: integer)

$Minimum (type: integer)

$Maximum (type: integer)

$StateCount (type: integer)

$StateValues (type: integer)

$CurrentState (type: integer)

324

PerformanceStateSetRegistrationRundown

-

INFO

$Token (type: string)

$Component (type: integer)

$Set (type: integer)

$NameLength (type: integer)

$Name (type: string)

$Type (type: integer)

$Unit (type: integer)

$Minimum (type: integer)

$Maximum (type: integer)

$StateCount (type: integer)

$StateValues (type: integer)

$CurrentState (type: integer)

325

ComponentPerformanceState

-

INFO

$Token (type: string)

$Component (type: integer)

$PerformanceStateSetCount (type: integer)

$PerformanceStateSets (type: integer)

326

ComponentPerformanceState

-

INFO

$Token (type: string)

$Component (type: integer)

$Progress (type: integer)

327

ComponentPerformanceState

-

INFO

$Token (type: string)

$Component (type: integer)

$Succeeded (type: boolean)

328

ComponentPerformanceState

-

INFO

$Token (type: string)

$Component (type: integer)

$DeviceTransition (type: boolean)

$PowerState (type: integer)

$PerformanceStateSetCount (type: integer)

$PerformanceStateSets (type: integer)

329

DebuggerTransitionRequirements

-

INFO

$Token (type: string)

$StateCount (type: integer)

$TransitionRequired (type: integer)

330

DefaultPepWorker

win:Start

INFO

$StartDevice (type: string)

331

DefaultPepWorker

win:Stop

INFO

$EndDevice (type: string)

$WorkType (type: integer)

$Phase (type: integer)

$NumberExtraDevices (type: integer)

332

DefaultPepWorkerDeviceRecovered

-

CRITICAL

$EndDevice (type: string)

$WorkType (type: integer)

$Phase (type: integer)

$NumberExtraDevices (type: integer)

333

DefaultPepWorkerDeviceOrphaned

-

CRITICAL

$EndDevice (type: string)

$WorkType (type: integer)

$Phase (type: integer)

$NumberExtraDevices (type: integer)

400

SessionCreated

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

401

SessionClosed

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

402

SessionConnected

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

403

SessionDisconnected

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

404

ActiveInput

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

405

PassiveInput

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

406

SessionLocked

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

407

SessionUnlocked

-

INFO

$SessionId (type: integer)

$Console (type: boolean)

408

SensorInput

-

INFO

$UserPresence (type: integer)

409

SensorInvalid

-

INFO

$Code (type: integer)

410

SensorSmoothing

-

INFO

$Engaged (type: integer)

411

SensorWatchdog

-

INFO

$Engaged (type: integer)

412

DisplaySessionStatus

-

INFO

$SessionId (type: integer)

$State (type: integer)

413

UserSessionStatus

-

INFO

$SessionId (type: integer)

$State (type: integer)

414

UserGlobalStatus

-

INFO

$SessionId (type: integer)

$State (type: integer)

414

UserGlobalStatus

-

INFO

$SessionId (type: integer)

$State (type: integer)

$TransitionCount (type: integer)

415

SensorInputChanged

-

INFO

$Old (type: integer)

$New (type: integer)

416

InputState

-

INFO

$Value (type: integer)

$Zeroed (type: integer)

$Computed (type: integer)

417

DisplayState

-

INFO

$Value (type: integer)

$Zeroed (type: integer)

$Computed (type: integer)

418

PolicyChange

-

INFO

$SensorDisplayTimeout (type: integer)

$DisplayTimeout (type: integer)

$SensorInputTimeout (type: integer)

$InputTimeout (type: integer)

$SessionLockedTimeout (type: integer)

$SensorEnabled (type: integer)

500

IoCoalescingOn

-

INFO

$SpindownTimeout (type: integer)

$TimerInterval (type: integer)

$FlushInterval (type: integer)

$Flags (type: integer)

501

IoCoalescingOff

-

INFO

502

IoCoalescingFlush

-

INFO

503

IoCoalescingDiskIdle

-

INFO

$DiskDeviceObject (type: string)

504

SystemLatencyUpdate

-

INFO

$SystemLatency (type: integer)

505

SystemLatencyRundown

-

INFO

$SystemLatency (type: integer)

506

CsEnterReason

-

INFO

$Reason (type: integer)

506

CsEnterReason

-

INFO

$Reason (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

506

CsEnterReason

-

INFO

$Reason (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

$BatteryRemainingCapacityOnEnter (type: integer)

$BatteryFullChargeCapacityOnEnter (type: integer)

506

CsEnterReason

-

INFO

$Reason (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

$BatteryRemainingCapacityOnEnter (type: integer)

$BatteryFullChargeCapacityOnEnter (type: integer)

$ScenarioInstanceIdV2 (type: integer)

$BootId (type: integer)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

$IsCsSessionInProgressOnExit (type: boolean)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

$IsCsSessionInProgressOnExit (type: boolean)

$BatteryRemainingCapacityOnExit (type: integer)

$BatteryFullChargeCapacityOnExit (type: integer)

507

CsExitReason

-

INFO

$EnergyDrain (type: integer)

$ActiveResidencyInUs (type: integer)

$NonDripsTimeActivatedInUs (type: integer)

$FirstDripsEntryInUs (type: integer)

$DripsResidencyInUs (type: integer)

$DurationInUs (type: integer)

$DripsTransitions (type: integer)

$FullChargeCapacityRatio (type: integer)

$AudioPlaying (type: boolean)

$Reason (type: integer)

$AudioPlaybackInUs (type: integer)

$NonActivatedCpuInUs (type: integer)

$PowerStateAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$ExitLatencyInUs (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$LidOpenState (type: boolean)

$ExternalMonitorConnectedState (type: boolean)

$ScenarioInstanceId (type: integer)

$IsCsSessionInProgressOnExit (type: boolean)

$BatteryRemainingCapacityOnExit (type: integer)

$BatteryFullChargeCapacityOnExit (type: integer)

$ScenarioInstanceIdV2 (type: integer)

$BootId (type: integer)

$InputSuppressionActionCount (type: integer)

$NonResiliencyTimeInUs (type: integer)

$ResiliencyDripsTimeInUs (type: integer)

$ResiliencyHwDripsTimeInUs (type: integer)

508

DynamicTickDisabled

-

INFO

$Reason (type: integer)

509

DynamicTickStatusRundown

-

INFO

$Flags (type: integer)

510

SpmStatusUpdate

-

INFO

$SpmStatus (type: integer)

511

SpmStatusRundown

-

INFO

$SpmStatus (type: integer)

512

SpmPolicyAliasRundown

-

INFO

$PolicyGuid (type: string)

$PolicyAliasLength (type: integer)

$PolicyAlias (type: string)

513

SpmScenarioPolicyRundown

-

INFO

$ScenarioGuid (type: string)

$ScenarioNameLength (type: integer)

$ScenarioName (type: string)

$Flags (type: integer)

$DefaultSettingsScenarioGuid (type: string)

$PolicyCount (type: integer)

$PolicySettings (type: integer)

514

ComponentAccounting

-

INFO

$ScenarioInstanceId (type: integer)

$DeviceNode (type: string)

$Component (type: integer)

$ActiveTime (type: integer)

515

SpmScenarioStart

-

INFO

$ScenarioGuid (type: string)

$ScenarioInstanceId (type: integer)

515

SpmScenarioStart

-

INFO

$ScenarioGuid (type: string)

$ScenarioInstanceId (type: integer)

$CsEnterReason (type: integer)

515

SpmScenarioStart

-

INFO

$ScenarioGuid (type: string)

$ScenarioInstanceId (type: integer)

$CsEnterReason (type: integer)

$BatteryRemainingCapacityOnEnter (type: integer)

$BatteryFullChargeCapacityOnEnter (type: integer)

515

SpmScenarioStart

-

INFO

$ScenarioGuid (type: string)

$ScenarioInstanceId (type: integer)

$CsEnterReason (type: integer)

$BatteryRemainingCapacityOnEnter (type: integer)

$BatteryFullChargeCapacityOnEnter (type: integer)

$ScenarioInstanceIdV2 (type: integer)

$BootId (type: integer)

$CurrentSystemTime (type: string)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$EnergySaverPolicy (type: boolean)

$VideoTimeoutInSec (type: integer)

$LockConsoleTimeoutInSec (type: integer)

$StandbyTimeoutInSec (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$EnergySaverPolicy (type: boolean)

$VideoTimeoutInSec (type: integer)

$LockConsoleTimeoutInSec (type: integer)

$StandbyTimeoutInSec (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$EnergySaverPolicy (type: boolean)

$VideoTimeoutInSec (type: integer)

$LockConsoleTimeoutInSec (type: integer)

$StandbyTimeoutInSec (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$EnergyDrainV2Flags (type: integer)

$EnergyDrainV2 (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$EnergySaverPolicy (type: boolean)

$VideoTimeoutInSec (type: integer)

$LockConsoleTimeoutInSec (type: integer)

$StandbyTimeoutInSec (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$EnergyDrainV2Flags (type: integer)

$EnergyDrainV2 (type: integer)

$DirectedDripsTransitionCount (type: integer)

$IsHibernateEnabled (type: boolean)

$HibernateTimeoutInSec (type: integer)

$HibernateBudgetPercentage (type: integer)

516

SpmScenarioStop

-

INFO

$EnergyDrain (type: integer)

$DripsResidencyInUs (type: integer)

$OnAc (type: boolean)

$HwDripsResidencyInUs (type: integer)

$PreVetoCount (type: integer)

$VetoCount (type: integer)

$DurationInUs (type: integer)

$FullChargeCapacity (type: integer)

$NonActivatedCpuInUs (type: integer)

$IRTruncatePercentage (type: integer)

$DesignCapacity (type: integer)

$AudioDurationInUs (type: integer)

$Reason (type: integer)

$DisconnectedStandby (type: boolean)

$AoAcCompliantNic (type: boolean)

$NonAttributedCpuInUs (type: integer)

$EnergySaverPolicy (type: boolean)

$VideoTimeoutInSec (type: integer)

$LockConsoleTimeoutInSec (type: integer)

$StandbyTimeoutInSec (type: integer)

$ModernSleepEnabledActionsBitmask (type: integer)

$ModernSleepAppliedActionsBitmask (type: integer)

$EnergyDrainV2Flags (type: integer)

$EnergyDrainV2 (type: integer)

$DirectedDripsTransitionCount (type: integer)

$IsHibernateEnabled (type: boolean)

$HibernateTimeoutInSec (type: integer)

$HibernateBudgetPercentage (type: integer)

$IsLockConsoleTimeoutActive (type: boolean)

517

DeviceAccounting

-

INFO

$ScenarioInstanceId (type: integer)

$DeviceNode (type: string)

$ActiveTime (type: integer)

518

IoShutdownFileSystems

win:Start

INFO

519

IoShutdownFileSystems

win:Stop

INFO

520

BrightnessEngineSwap

-

INFO

521

BatteryCountChange

-

INFO

$ValidBatteryCount (type: integer)

$ErrorBatteryCount (type: integer)

$AbandonedBatteryCount (type: integer)

522

CsDripsDivergence

-

INFO

$HwDripsTotalTimeValid (type: boolean)

$DripsTotalTimeThisPeriodUs (type: integer)

$HwDripsTotalTimeThisPeriodUs (type: integer)

$PopDripsSwHwDivergenceThreshold (type: integer)

523

Irp

-

INFO

$Irp (type: string)

$Status (type: integer)

$FailedDriver (type: string)

$ElapsedTime (type: integer)

524

BatteryTriggerMet

-

INFO

$Index (type: integer)

$ActiveBatteryCount (type: integer)

$RemainingPercentage (type: integer)

$IsAcOnline (type: integer)

$BatteryActionInternalFlags (type: string)

$IsPowerActionCallIgnored (type: integer)

$IsPowerPolicyEnabled (type: integer)

$PowerPolicyAction (type: integer)

$PowerPolicyBatteryLevel (type: integer)

$PowerPolicyEventCode (type: integer)

$PowerPolicyMinState (type: integer)

525

NetRefreshTimerArmed

-

INFO

$DurationInUs (type: integer)

526

NetRefreshTimerDisarmed

-

INFO

527

PowerStateEventRundown

-

INFO

$Event (type: integer)

$Class (type: integer)

$Count (type: integer)

528

PowerStateEvent

-

INFO

$Event (type: integer)

$Intent (type: integer)

529

PowerAggregatorQueueOverflow

-

INFO

$Intent (type: integer)

$Class (type: integer)

$PowerEvent (type: integer)

530

PowerAggregatorRequest

-

INFO

$SessionId (type: integer)

$RequestQueueId (type: integer)

$Intent (type: integer)

$Class (type: integer)

$PowerEvent (type: integer)

$VetoReason (type: integer)

531

PowerAggregatorValidationEvent

-

INFO

$SessionId (type: integer)

$Action (type: integer)

$Result (type: integer)

532

PowerAggregatorCompletionEvent

-

INFO

$SessionId (type: integer)

$Result (type: integer)

533

PowerAggregatorSessionBegin

-

INFO

$SessionId (type: integer)

$PowerEvent (type: integer)

$Action (type: integer)

$AudioActivity (type: boolean)

$DisconnectedStandbyMode (type: integer)

$DsEnabled (type: boolean)

534

PowerAggregatorSessionEnd

-

INFO

$SessionId (type: integer)

$Result (type: integer)

535

DirectedDripsEngaged

-

INFO

$CsSessionId (type: integer)

$Engaged (type: boolean)

536

DirectedDripsWorker

-

INFO

$CsSessionId (type: integer)

$WorkFlags (type: integer)

537

DirectedDripsMarkDevice

-

INFO

$CsSessionId (type: integer)

$DeviceObject (type: string)

538

DirectedDripsNotifyAppsAndServices

-

INFO

$CsSessionId (type: integer)

$Suspended (type: boolean)

$Result (type: integer)

$DurationMs (type: integer)

539

DirectedDripsNotifyDevices

-

INFO

$CsSessionId (type: integer)

$Suspended (type: boolean)

$Result (type: integer)

$DurationMs (type: integer)

540

DirectedDripsInitialization

-

INFO

$EnableResult (type: integer)

$InitializationResult (type: integer)

541

SIdleUpdateNotificationWorker

-

INFO

$SystemIdle (type: boolean)

542

PowerAggregatorInvalidRequestIndex

-

INFO

$RequestIndex (type: integer)

$NumberOfRequests (type: integer)

$QueueSize (type: integer)

543

DripsWakeAccountingSummary

-

INFO

$CsSessionId (type: integer)

$Count (type: integer)

$IdleMinDurationInUs (type: integer)

$IdleMaxDurationInUs (type: integer)

$IdleTotalDurationInUs (type: integer)

$ReasonDescriptionLength (type: integer)

$ReasonDescription (type: string)

$GroupCount (type: integer)

$Group (type: integer)

544

DirectedDripsDisengageMaskChange

-

INFO

$OldMask (type: integer)

$NewMask (type: integer)

$SetFlags (type: integer)

$ClearedFlags (type: integer)

545

DirectedDripsDeviceVisit

-

INFO

$BroadcastTreeId (type: integer)

$IsRootDevice (type: boolean)

$DeviceNode (type: string)

$InstancePathLength (type: integer)

$InstancePath (type: string)

546

DirectedDripsProblemDevice

-

INFO

$BroadcastTreeId (type: integer)

$DeviceNode (type: string)

$Reason (type: integer)

547

DirectedPowerTransitionStart

-

INFO

$DeviceNode (type: string)

$PowerDown (type: boolean)

548

DirectedPowerTransitionEnd

-

INFO

$DeviceNode (type: string)

$PowerDown (type: boolean)

Microsoft-Windows-Kernel-PowerTrigger

1

task_0

-

INFO

$AoAc (type: boolean)

Microsoft-Windows-Kernel-Processor-Power

1

IdleStatesError

-

ERROR

$Processor (type: integer)

2

PerfStatesError

-

ERROR

$Processor (type: integer)

3

ThrottleStatesError

-

ERROR

$Processor (type: integer)

4

Summary

-

INFO

$Processor (type: integer)

$IdleStateCount (type: integer)

$PerfStateCount (type: integer)

$ThrottleStateCount (type: integer)

$IdleState (type: integer)

$PerfState (type: integer)

5

IdleStatesErrata

-

ERROR

6

PerfStatesErrata

-

ERROR

7

LongCapInfo

-

WARNING

$Processor (type: integer)

$CapDurationInSeconds (type: integer)

$PpcChanges (type: integer)

$TpcChanges (type: integer)

8

QuickCapInfo

-

WARNING

$Processor (type: integer)

$CapDurationInSeconds (type: integer)

$PpcChanges (type: integer)

$TpcChanges (type: integer)

9

DomainPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$GroupCount (type: integer)

$Group (type: integer)

9

DomainPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$GroupCount (type: integer)

$Group (type: integer)

$Performance (type: integer)

9

DomainPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$GroupCount (type: integer)

$Group (type: integer)

$Performance (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

9

DomainPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$GroupCount (type: integer)

$Group (type: integer)

$Performance (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$Autonomous (type: boolean)

10

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

10

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

10

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

$TolerancePercent (type: integer)

10

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

$TolerancePercent (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$EppPercent (type: integer)

$ActivityWindow (type: integer)

$Autonomous (type: boolean)

$Initiated (type: boolean)

$VirtualLittle (type: boolean)

10

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

$TolerancePercent (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$EppPercent (type: integer)

$ActivityWindow (type: integer)

$Autonomous (type: boolean)

$Initiated (type: boolean)

$QosClass (type: integer)

11

PerfCheck

win:Start

-

$PpmCheckTime (type: integer)

11

PerfCheck

win:Start

-

$PpmCheckTime (type: integer)

$AdjustedCheckTime (type: integer)

$StartPhase (type: integer)

12

RecordedUtility

-

-

$PpmCheckTime (type: integer)

$IdleTime (type: integer)

$BusyTime (type: integer)

$Frequency (type: integer)

$Group (type: integer)

$Number (type: integer)

12

RecordedUtility

-

-

$PpmCheckTime (type: integer)

$IdleTime (type: integer)

$BusyTime (type: integer)

$Frequency (type: integer)

$Group (type: integer)

$Number (type: integer)

$DeliveredPerformance (type: integer)

$Utility (type: integer)

$AffinitizedUtility (type: integer)

$FrequencySensitivity (type: integer)

12

RecordedUtility

-

-

$PpmCheckTime (type: integer)

$IdleTime (type: integer)

$BusyTime (type: integer)

$Frequency (type: integer)

$Group (type: integer)

$Number (type: integer)

$DeliveredPerformance (type: integer)

$Utility (type: integer)

$AffinitizedUtility (type: integer)

$FrequencySensitivity (type: integer)

$BufferingPercent (type: integer)

$StallTime (type: integer)

13

ExpectedUtility

-

INFO

$PpmCheckTime (type: integer)

$IdleTimeInMs (type: integer)

$BusyTimeInMs (type: integer)

$ExcessBusyTimeInMs (type: integer)

$Frequency (type: integer)

$Group (type: integer)

$Number (type: integer)

14

ParkCore

-

INFO

$PpmCheckTime (type: integer)

$Group (type: integer)

$Number (type: integer)

15

UnparkCore

-

INFO

$PpmCheckTime (type: integer)

$Group (type: integer)

$Number (type: integer)

16

PerfCheck

win:Stop

-

$PpmCheckTime (type: integer)

18

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

18

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

18

ProcessorPerfStateChange

-

INFO

$State (type: integer)

$Speed (type: integer)

$Group (type: integer)

$Number (type: integer)

$Performance (type: integer)

$TolerancePercent (type: integer)

19

IdleAccountingRundown

-

INFO

$StateCount (type: integer)

$TotalTransitions (type: integer)

$ResetCount (type: integer)

$Pad (type: integer)

$StartTime (type: integer)

$State (type: integer)

$Group (type: integer)

$Number (type: integer)

19

IdleAccountingRundown

-

INFO

$StateCount (type: integer)

$TotalTransitions (type: integer)

$ResetCount (type: integer)

$AbortCount (type: integer)

$StartTime (type: integer)

$State (type: integer)

$Group (type: integer)

$Number (type: integer)

$IdleTime (type: integer)

19

IdleAccountingRundown

-

INFO

$StateCount (type: integer)

$TotalTransitions (type: integer)

$ResetCount (type: integer)

$AbortCount (type: integer)

$StartTime (type: integer)

$State (type: string)

$Group (type: integer)

$Number (type: integer)

$IdleTime (type: integer)

$SelectionCount (type: integer)

$SelectionAccounting (type: string)

20

ProcessorFirmwareRundown

-

INFO

$FeaturesPresent (type: integer)

$FeaturesAccessed (type: integer)

$FeaturesValidated (type: integer)

$Group (type: integer)

$Number (type: integer)

21

CStateDomainFirmwareRundown

-

INFO

$DomainId (type: integer)

$MemberCount (type: integer)

$MembersEnumerated (type: integer)

22

PTStateDomainFirmwareRundown

-

INFO

$DomainId (type: integer)

$MemberCount (type: integer)

$MembersEnumerated (type: integer)

23

Summary

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$PerfStateCount (type: integer)

$ThrottleStateCount (type: integer)

$IdleState (type: integer)

$PerfState (type: integer)

24

IdleStatesErrata

-

ERROR

25

PerfStatesErrata

-

ERROR

26

Summary

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$PerfStateCount (type: integer)

$ThrottleStateCount (type: integer)

$IdleState (type: integer)

$PerfState (type: integer)

26

Summary

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$PerfStateCount (type: integer)

$ThrottleStateCount (type: integer)

$IdleState (type: integer)

$PerfState (type: integer)

27

ThrottleStatesErrata

-

ERROR

28

ThrottleStatesErrata

-

ERROR

29

PccSummary

-

INFO

$MajorVersion (type: integer)

$MinorVersion (type: integer)

$MinPerfPercent (type: integer)

$MinThrottlePercent (type: integer)

30

PccSummary

-

INFO

$MajorVersion (type: integer)

$MinorVersion (type: integer)

$MinPerfPercent (type: integer)

$MinThrottlePercent (type: integer)

31

PccErrata

-

ERROR

32

PccErrata

-

ERROR

33

PccError

-

ERROR

$Group (type: integer)

$Number (type: integer)

34

IdleStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

34

IdleStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

35

PerfStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

35

PerfStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

36

ThrottleStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

36

ThrottleStatesError

-

ERROR

$Group (type: integer)

$Number (type: integer)

37

LongCapInfo

-

WARNING

$Group (type: integer)

$Number (type: integer)

$CapDurationInSeconds (type: integer)

$PpcChanges (type: integer)

$TpcChanges (type: integer)

$PccChanges (type: integer)

37

LongCapInfo

-

WARNING

$Group (type: integer)

$Number (type: integer)

$CapDurationInSeconds (type: integer)

$PpcChanges (type: integer)

$TpcChanges (type: integer)

$PccChanges (type: integer)

38

QuickCapInfo

-

WARNING

$Group (type: integer)

$Number (type: integer)

$CapDurationInSeconds (type: integer)

$PpcChanges (type: integer)

$TpcChanges (type: integer)

$PccChanges (type: integer)

39

NotifyPStates

-

INFO

$Group (type: integer)

$Number (type: integer)

$Cap (type: integer)

40

NotifyCStates

-

INFO

$Group (type: integer)

$Number (type: integer)

41

NotifyTStates

-

INFO

$Group (type: integer)

$Number (type: integer)

$Cap (type: integer)

42

PerfStatesRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateCount (type: integer)

$States (type: integer)

43

BiosPStatesRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$PBlockAddress (type: integer)

$PBlockLength (type: integer)

$ProcessorId (type: integer)

$ApicId (type: integer)

$Ppc (type: integer)

$PctControl (type: string)

$PctStatus (type: string)

$StateCount (type: integer)

$PssStates (type: string)

44

BiosCStatesRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$FadtC2Latency (type: integer)

$FadtC3Latency (type: integer)

$CStateVersionInUse (type: integer)

$StateCount (type: integer)

$CstStates (type: integer)

45

BiosTStatesRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$FadtDutyWidth (type: integer)

$FadtDutyOffset (type: integer)

$Tpc (type: integer)

$TStateVersionInUse (type: integer)

$PtcControl (type: integer)

$PtcStatus (type: string)

$StateCount (type: integer)

$TssStates (type: string)

46

PccCapChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$Cap (type: integer)

47

BiosCapChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$Cap (type: integer)

48

ThermalCapChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$Cap (type: integer)

49

PerfCheck

Makeup

-

50

LogicalProcessorIdlingCorePark

-

INFO

$Cap (type: integer)

$IsApplied (type: boolean)

51

LogicalProcessorIdlingRundown

-

INFO

$Cap (type: integer)

$IsApplied (type: boolean)

52

LatencySensitivityHint

-

INFO

$HintType (type: integer)

53

ParkNodeRecordedStats

-

-

$Group (type: integer)

$Affinity (type: string)

$ConcurrentCores (type: integer)

$HistogramSize (type: integer)

$ConcurrencyHistogram (type: integer)

53

ParkNodeRecordedStats

-

-

$Group (type: integer)

$Affinity (type: string)

$ConcurrentCores (type: integer)

$HistogramSize (type: integer)

$ConcurrencyHistogram (type: integer)

$DistributeCores (type: integer)

54

CpcError

-

ERROR

$Group (type: integer)

$Number (type: integer)

55

Summary2

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$IdleImplementation (type: integer)

$NominalFrequency (type: integer)

$MaximumPerformancePercent (type: integer)

$MinimumPerformancePercent (type: integer)

$MinimumThrottlePercent (type: integer)

$PerformanceImplementation (type: integer)

55

Summary2

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$IdleImplementation (type: integer)

$NominalFrequency (type: integer)

$MaximumPerformancePercent (type: integer)

$MinimumPerformancePercent (type: integer)

$MinimumThrottlePercent (type: integer)

$PerformanceImplementation (type: integer)

56

Summary2

-

INFO

$Group (type: integer)

$Number (type: integer)

$IdleStateCount (type: integer)

$IdleImplementation (type: integer)

$NominalFrequency (type: integer)

$MaximumPerformancePercent (type: integer)

$MinimumPerformancePercent (type: integer)

$MinimumThrottlePercent (type: integer)

$PerformanceImplementation (type: integer)

57

PepGetIdleStates

-

INFO

$Group (type: integer)

$Number (type: integer)

$MaximumCoordinatedProcessors (type: integer)

$StateCount (type: integer)

$States (type: integer)

58

PepGetIdleStates

-

INFO

$Group (type: integer)

$Number (type: integer)

$MaximumCoordinatedProcessors (type: integer)

$StateCount (type: integer)

$States (type: integer)

59

PepQueryCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCounterCount (type: integer)

$IdleStateCount (type: integer)

$PerformanceStatesSupported (type: boolean)

$ParkingSupported (type: boolean)

59

PepQueryCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCounterCount (type: integer)

$IdleStateCount (type: integer)

$PerformanceStatesSupported (type: boolean)

$ParkingSupported (type: boolean)

$DiscretePerformanceStateCount (type: integer)

60

PepQueryCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCounterCount (type: integer)

$IdleStateCount (type: integer)

$PerformanceStatesSupported (type: boolean)

$ParkingSupported (type: boolean)

60

PepQueryCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCounterCount (type: integer)

$IdleStateCount (type: integer)

$PerformanceStatesSupported (type: boolean)

$ParkingSupported (type: boolean)

$DiscretePerformanceStateCount (type: integer)

61

PepPerfConstraintChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$GuaranteedPerformance (type: integer)

$LimitReasons (type: integer)

62

PepPerfCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCount (type: integer)

$Feedback (type: integer)

$HighestPerformance (type: integer)

$NominalPerformance (type: integer)

$LowestNonlinearPerformance (type: integer)

$LowestPerformance (type: integer)

$DomainId (type: integer)

$DomainMembers (type: integer)

62

PepPerfCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCount (type: integer)

$Feedback (type: string)

$HighestPerformance (type: integer)

$NominalPerformance (type: integer)

$LowestNonlinearPerformance (type: integer)

$LowestPerformance (type: integer)

$DomainId (type: integer)

$DomainMembers (type: integer)

$PerfStateCount (type: integer)

$PerfStates (type: string)

63

PepPerfCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCount (type: integer)

$Feedback (type: integer)

$HighestPerformance (type: integer)

$NominalPerformance (type: integer)

$LowestNonlinearPerformance (type: integer)

$LowestPerformance (type: integer)

$DomainId (type: integer)

$DomainMembers (type: integer)

63

PepPerfCapabilities

-

INFO

$Group (type: integer)

$Number (type: integer)

$FeedbackCount (type: integer)

$Feedback (type: string)

$HighestPerformance (type: integer)

$NominalPerformance (type: integer)

$LowestNonlinearPerformance (type: integer)

$LowestPerformance (type: integer)

$DomainId (type: integer)

$DomainMembers (type: integer)

$PerfStateCount (type: integer)

$PerfStates (type: string)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$DeliveredPerformance (type: integer)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$DeliveredPerformance (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

$Autonomous (type: boolean)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$DeliveredPerformance (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

$Autonomous (type: boolean)

$EppPercent (type: integer)

$ActivityWindow (type: integer)

$VirtualLittle (type: boolean)

$RelativePerformance (type: integer)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$DeliveredPerformance (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

$Autonomous (type: boolean)

$EppPercent (type: integer)

$ActivityWindow (type: integer)

$QosClass (type: integer)

$RelativePerformance (type: integer)

64

ProcessorPerformanceRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Parked (type: boolean)

$BiosCap (type: integer)

$ThermalCap (type: integer)

$DesiredPerformance (type: integer)

$NominalFrequency (type: integer)

$MinPercent (type: integer)

$MaxPercent (type: integer)

$TolerancePercent (type: integer)

$DeliveredPerformance (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

$Autonomous (type: boolean)

$EppPercent (type: integer)

$ActivityWindow (type: integer)

$QosClass (type: integer)

$RelativePerformance (type: integer)

$EfficiencySchedulingClass (type: integer)

65

ParkNodeRundown

-

INFO

$Group (type: integer)

$Affinity (type: string)

$Parked (type: string)

$LpiCap (type: integer)

65

ParkNodeRundown

-

INFO

$Group (type: integer)

$Affinity (type: string)

$Parked (type: string)

$LpiCap (type: integer)

$ThermalCap (type: integer)

65

ParkNodeRundown

-

INFO

$Group (type: integer)

$Affinity (type: string)

$Parked (type: string)

$LpiCap (type: integer)

$ThermalCap (type: integer)

$ParkHint (type: string)

66

ParkNodeCapChange

-

INFO

$Group (type: integer)

$Affinity (type: string)

$LpiCap (type: integer)

66

ParkNodeCapChange

-

INFO

$Group (type: integer)

$Affinity (type: string)

$LpiCap (type: integer)

$ThermalCap (type: integer)

67

ProcessorIdleRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Type (type: integer)

$StateCount (type: integer)

67

ProcessorIdleRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Type (type: integer)

$StateCount (type: integer)

$States (type: integer)

68

ProcessorIdRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$AcpiId (type: integer)

$InterruptControllerId (type: integer)

68

ProcessorIdRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$AcpiId (type: integer)

$InterruptControllerId (type: integer)

$ProcessorIndex (type: integer)

69

PepGetPlatformIdleStates

-

INFO

$PlatformIdleStateCount (type: integer)

70

PepGetPlatformIdleStates

-

INFO

$PlatformIdleStateCount (type: integer)

71

PerfCheck

FailedStart

-

$AdjustedCheckTime (type: integer)

72

PlatformIdleAccountingRundown

-

INFO

$StateCount (type: integer)

$ResetCount (type: integer)

$TotalTransitions (type: integer)

$StartTime (type: integer)

$Reserved (type: integer)

$State (type: integer)

$Group (type: integer)

$Number (type: integer)

72

PlatformIdleAccountingRundown

-

INFO

$StateCount (type: integer)

$ResetCount (type: integer)

$TotalTransitions (type: integer)

$StartTime (type: integer)

$Reserved (type: integer)

$State (type: integer)

$Group (type: integer)

$Number (type: integer)

$SelectionCount (type: integer)

$SelectionAccounting (type: string)

73

PlatformParkingPreference

-

INFO

$Group (type: integer)

$Affinity (type: string)

$UnparkCount (type: integer)

$OSPreferencePark (type: string)

$OSPreferenceUnpark (type: string)

$PlatformPreferencePark (type: string)

$PlatformPreferenceUnpark (type: string)

74

LowPowerScenarioChange

-

INFO

$PreviousActiveScenarioId (type: integer)

$NewActiveScenarioId (type: integer)

75

LowPowerScenarioRundown

-

INFO

$CurrentActiveScenarioId (type: integer)

76

LowPowerScenarioInformationRundown

-

INFO

$ScenarioId (type: integer)

$PlatformIdleStateIndex (type: integer)

77

PepGetIdleStatesV2

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateCount (type: integer)

$States (type: integer)

78

PepGetIdleStatesV2Rundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateCount (type: integer)

$States (type: integer)

79

PepGetPlatformIdleState

-

INFO

$StateIndex (type: integer)

$InitiatingProcessor (type: integer)

$OneInitiator (type: boolean)

$Latency (type: integer)

$BreakEvenDuration (type: integer)

$DependencyCount (type: integer)

$Dependencies (type: integer)

80

PepGetPlatformIdleStateRundown

-

INFO

$StateIndex (type: integer)

$InitiatingProcessor (type: integer)

$OneInitiator (type: boolean)

$Latency (type: integer)

$BreakEvenDuration (type: integer)

$DependencyCount (type: integer)

$Dependencies (type: integer)

81

DripsAccountingSnapshot

-

INFO

$ScenarioInstanceId (type: integer)

$DripsBucketsCount (type: integer)

$TotalTimes (type: string)

82

PlatformAccountingBucketIntervalsRundown

-

INFO

$IntervalLimitsCount (type: integer)

$IntervalLimits (type: string)

83

PlatformIdleVetoIncrement

-

INFO

$StateIndex (type: integer)

$VetoReason (type: integer)

84

PlatformIdleVetoDecrement

-

INFO

$StateIndex (type: integer)

$VetoReason (type: integer)

85

ProcessorIdleVetoIncrement

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateIndex (type: integer)

$VetoReason (type: integer)

86

ProcessorIdleVetoDecrement

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateIndex (type: integer)

$VetoReason (type: integer)

87

PlatformIdleVetoRundown

-

INFO

$StateIndex (type: integer)

$VetoReason (type: integer)

$VetoCount (type: integer)

88

ProcessorIdleVetoRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$StateIndex (type: integer)

$VetoReason (type: integer)

$VetoCount (type: integer)

89

StaticPolicyRundown

-

INFO

$PerfBoostAtGuaranteed (type: boolean)

$PerfIdealAggressiveIncreasePolicyThreshold (type: integer)

$PerfSingleStepSize (type: integer)

$PerfCalculateActualUtilization (type: integer)

$PerfArtificialDomain (type: boolean)

$LowLatencyScalingPercentage (type: integer)

$ParkWithCoreGranularity (type: boolean)

$MultiparkGranularity (type: integer)

89

StaticPolicyRundown

-

INFO

$PerfBoostAtGuaranteed (type: boolean)

$PerfIdealAggressiveIncreasePolicyThreshold (type: integer)

$PerfSingleStepSize (type: integer)

$PerfCalculateActualUtilization (type: integer)

$PerfArtificialDomain (type: boolean)

$LowLatencyScalingPercentage (type: integer)

$ParkWithCoreGranularity (type: boolean)

$MultiparkGranularity (type: integer)

$QosManagesIdleProcessors (type: boolean)

$QosHysteresis (type: integer)

90

PerfSelectProcessorState

-

INFO

$Group (type: integer)

$Number (type: integer)

$ResolvedUtilization (type: integer)

$Target (type: integer)

$ResolvedTarget (type: integer)

$Flags (type: integer)

91

VetoNameRundown

-

INFO

$VetoReason (type: integer)

$Name (type: string)

92

PepGetCoordinatedIdleStates

-

INFO

$StateCount (type: integer)

$CoordinatedStates (type: string)

93

PepGetCoordinatedIdleStatesRundown

-

INFO

$StateCount (type: integer)

$CoordinatedStates (type: string)

94

PepGetCoordinatedDependency

-

INFO

$StateIndex (type: integer)

$DependencyIndex (type: integer)

$ProcessorDependency (type: boolean)

$TargetProcessor (type: integer)

$OptionCount (type: integer)

$Options (type: integer)

95

PepGetCoordinatedDependencyRundown

-

INFO

$StateIndex (type: integer)

$DependencyIndex (type: integer)

$ProcessorDependency (type: boolean)

$TargetProcessor (type: integer)

$OptionCount (type: integer)

$Options (type: integer)

96

MediaBufferingNotify

-

INFO

$Engaged (type: boolean)

97

ComputeEnergy

-

INFO

$EfficiencyClass (type: integer)

$EnergyInMicroJoules (type: integer)

98

CoordinatedIdleRundown

-

INFO

$StateCount (type: integer)

$States (type: string)

99

HeteroResponse

-

-

$Group (type: integer)

$Affinity (type: string)

$ProcCount (type: integer)

$ActualUtility (type: integer)

$EstimatedUtility (type: integer)

$ActiveTime (type: integer)

$CheckCount (type: integer)

$Decision (type: integer)

$IdealClass1Count (type: integer)

$ActualClass1Count (type: integer)

$Flags (type: integer)

100

PerfCheck

win:Start

-

$PpmCheckTime (type: integer)

$AdjustedCheckTime (type: integer)

$PipelineId (type: integer)

101

HeteroDistributeUtility

-

-

$Group (type: integer)

$Affinity (type: string)

$Class0FloorPerf (type: integer)

$Class1MinimumPerf (type: integer)

102

ProfileRegistered

-

INFO

$Name (type: string)

$Id (type: integer)

$Priority (type: integer)

$Flags (type: integer)

$Guid (type: string)

$ActiveCount (type: integer)

$MaxActiveDurationInUs (type: integer)

$MinActiveDurationInUs (type: integer)

$TotalActiveDurationInUs (type: integer)

103

ProfileRundown

-

INFO

$Name (type: string)

$Id (type: integer)

$Priority (type: integer)

$Flags (type: integer)

$Guid (type: string)

$ActiveCount (type: integer)

$MaxActiveDurationInUs (type: integer)

$MinActiveDurationInUs (type: integer)

$TotalActiveDurationInUs (type: integer)

104

ProfileChange

-

INFO

$PreviousProfileId (type: integer)

$NextProfileId (type: integer)

105

ProfileSettingChange

-

INFO

$ProfileId (type: integer)

$Name (type: string)

$Type (type: integer)

$Class (type: integer)

$Guid (type: string)

$ValueSize (type: integer)

$Value (type: string)

106

ProfileSettingRundown

-

INFO

$ProfileId (type: integer)

$Name (type: string)

$Type (type: integer)

$Class (type: integer)

$Guid (type: string)

$ValueSize (type: integer)

$Value (type: string)

107

ProfileStatusRundown

-

INFO

$Flags (type: integer)

108

ProfileEnabled

-

INFO

$ProfileId (type: integer)

109

ProfileDisabled

-

INFO

$ProfileId (type: integer)

110

IdleDurationExpiration

-

INFO

$GroupCount (type: integer)

$Group (type: string)

111

DeliveredPerfChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$DeliveredPerformance (type: integer)

111

DeliveredPerfChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$DeliveredPerformance (type: integer)

$DurationInUs (type: integer)

111

DeliveredPerfChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$DeliveredPerformance (type: integer)

$DurationInUs (type: integer)

$DeliveredFrequency (type: integer)

112

ParkSelection

-

-

$Group (type: integer)

$Processors (type: string)

$OldPark (type: string)

$NewPark (type: string)

$OverUtilizedSet (type: string)

$IsolatedCores (type: string)

$IdealUnparked (type: integer)

$UnparkCount (type: integer)

$ParkReason (type: integer)

113

ProcessorEnergyCounter

-

-

$Group (type: integer)

$Number (type: integer)

$CounterId (type: integer)

$CounterValue (type: string)

114

PackageEnergyCounter

-

-

$CounterId (type: integer)

$CounterValue (type: string)

115

ProcessorPreVetoAccountingRundown

-

-

$Group (type: integer)

$Number (type: integer)

$StateIndex (type: integer)

$VetoCodeCount (type: integer)

$Accounting (type: integer)

116

PlatformPreVetoAccountingRundown

-

-

$StateIndex (type: integer)

$VetoCodeCount (type: integer)

$Accounting (type: integer)

117

NotifyCpcHighest

-

INFO

$Group (type: integer)

$Number (type: integer)

118

ProcessorClassUpdate

-

INFO

$Group (type: integer)

$Number (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

118

ProcessorClassUpdate

-

INFO

$Group (type: integer)

$Number (type: integer)

$EfficiencyClass (type: integer)

$SchedulingClass (type: integer)

$EfficiencySchedulingClass (type: integer)

119

HeterogeneousPoliciesChanged

-

INFO

$HeterogeneousPolicy (type: integer)

$HeterogeneousSystemType (type: integer)

$DefaultPolicy (type: integer)

$DefaultDynamicPolicy (type: integer)

$DynamicCpuPolicyMask (type: integer)

$DynamicCpuPolicyImportant (type: integer)

$DynamicCpuPolicyImportantShort (type: integer)

$DynamicCpuPolicyImportantPriority (type: integer)

$DynamicCpuPolicyExpectedRuntime (type: integer)

120

HeterogeneousPoliciesRundown

-

INFO

$HeterogeneousPolicy (type: integer)

$HeterogeneousSystemType (type: integer)

$DefaultPolicy (type: integer)

$DefaultDynamicPolicy (type: integer)

$DynamicCpuPolicyMask (type: integer)

$DynamicCpuPolicyImportant (type: integer)

$DynamicCpuPolicyImportantShort (type: integer)

$DynamicCpuPolicyImportantPriority (type: integer)

$DynamicCpuPolicyExpectedRuntime (type: integer)

121

AutonomousModeChange

-

INFO

$Group (type: integer)

$Number (type: integer)

$Autonomous (type: boolean)

122

ProcessorLpiStatesRundown

-

INFO

$Group (type: integer)

$Number (type: integer)

$Revision (type: integer)

$LevelId (type: integer)

$StateCount (type: integer)

$States (type: integer)

123

ProcessorContainerLpiStatesRundown

-

INFO

$NamespacePath (type: string)

$Revision (type: integer)

$LevelId (type: integer)

$StateCount (type: integer)

$States (type: integer)

124

VirtualHeterogeneityRundown

-

INFO

$VirtualHeterogeneitySupported (type: boolean)

$VirtualHeterogeneityOn (type: boolean)

$DisableReasons (type: integer)

125

VirtualHeterogeneitySupportChanged

-

INFO

$VirtualHeterogeneitySupported (type: boolean)

$VirtualHeterogeneityOn (type: boolean)

$DisableReasons (type: integer)

126

QosSupportRundown

-

INFO

$SchedulerDirectedPerfStatesSupported (type: boolean)

$PpmQosEnabled (type: boolean)

$PpmQosDisableReasons (type: integer)

127

QosSupportChanged

-

INFO

$SchedulerDirectedPerfStatesSupported (type: boolean)

$PpmQosEnabled (type: boolean)

$PpmQosDisableReasons (type: integer)

128

PepPerfDomainInfo

-

INFO

$DomainId (type: integer)

$CoordinationType (type: integer)

$IdleProcessorsDiscounted (type: boolean)

$SchedulerDirectedTransitionsSupported (type: boolean)

$WorstCaseTransitionLatency (type: integer)

$WorstCaseTransitionOverhead (type: integer)

128

PepPerfDomainInfo

-

INFO

$DomainId (type: integer)

$CoordinationType (type: integer)

$IdleProcessorsDiscounted (type: boolean)

$SchedulerDirectedTransitionsSupported (type: boolean)

$WorstCaseTransitionLatency (type: integer)

$WorstCaseTransitionOverhead (type: integer)

$AffinitizePerfSet (type: boolean)

129

PepPerfDomainInfoRundown

-

INFO

$DomainId (type: integer)

$CoordinationType (type: integer)

$IdleProcessorsDiscounted (type: boolean)

$SchedulerDirectedTransitionsSupported (type: boolean)

$WorstCaseTransitionLatency (type: integer)

$WorstCaseTransitionOverhead (type: integer)

129

PepPerfDomainInfoRundown

-

INFO

$DomainId (type: integer)

$CoordinationType (type: integer)

$IdleProcessorsDiscounted (type: boolean)

$SchedulerDirectedTransitionsSupported (type: boolean)

$WorstCaseTransitionLatency (type: integer)

$WorstCaseTransitionOverhead (type: integer)

$AffinitizePerfSet (type: boolean)

130

HgsUpdate

-

INFO

131

ParkNodeClassRecordedStats

-

-

$Group (type: integer)

$Affinity (type: string)

$Class (type: integer)

$DistributeCores (type: integer)

$HistogramSize (type: integer)

$ConcurrencyHistogram (type: integer)

132

ParkNodeParkHintChange

-

-

$Group (type: integer)

$Affinity (type: string)

$ParkHint (type: string)

133

HiddenProcessorPerfRundown

-

INFO

$DomainMasterGroup (type: integer)

$DomainMasterNumber (type: integer)

$ProcessorId (type: integer)

$BiosCap (type: integer)

$ThermalCap (type: integer)

134

HiddenProcessorBiosCapChange

-

INFO

$DomainMasterGroup (type: integer)

$DomainMasterNumber (type: integer)

$ProcessorId (type: integer)

$Cap (type: integer)

135

HiddenProcessorThermalCapChange

-

INFO

$DomainMasterGroup (type: integer)

$DomainMasterNumber (type: integer)

$ProcessorId (type: integer)

$Cap (type: integer)

136

PerfStatesDegraded

-

ERROR

Microsoft-Windows-NetworkSecurity

801

task_0

-

-

$SaContextID (type: integer)

$Reason (type: integer)

802

task_0

-

-

$SaContextID (type: integer)

$Result (type: integer)

803

task_0

-

-

$SaContextID (type: integer)

$LocalAddr (type: string)

$LocalMask (type: string)

$LocalPort (type: integer)

$RemoteAddress (type: string)

$RemoteMask (type: string)

$RemotePort (type: integer)

$IPProtocol (type: integer)

$LocalTunnelEndpt (type: string)

$RemoteTunnelEndpt (type: string)

804

task_0

-

-

$SaContextID (type: integer)

805

task_0

-

-

$SaContextID (type: integer)

$SPI (type: integer)

806

SaContextOperation

win:Start

-

807

SaContextOperation

win:Stop

-

808

SaContextOperation

-

-

$SaContextID (type: integer)

Microsoft-Windows-Power-Meter-Polling

1

PowerMeterRundown

-

INFO

$MeterId (type: string)

$DefaultSamplingPeriodInMs (type: integer)

$MeterNameLength (type: integer)

$MeterName (type: string)

$MeteredHardwareCount (type: integer)

$MeteredHardwareName (type: string)

2

EnergyMeterRundown

-

INFO

$MeterId (type: string)

$DefaultSamplingPeriodInMs (type: integer)

$ChannelNameLength (type: integer)

$ChannelName (type: string)

3

PowerMeterData

-

INFO

$MeterId (type: string)

$Value (type: integer)

4

EnergyMeterData

-

INFO

$MeterId (type: string)

$AbsoluteEnergy (type: integer)

$AbsoluteTime (type: integer)

5

SamplingPeriodRundown

-

INFO

$MeterType (type: integer)

$PeriodInMs (type: integer)

6

SamplingPeriodChange

-

INFO

$MeterType (type: integer)

$PeriodInMs (type: integer)

Microsoft-Windows-Power-Troubleshooter

1

task_0

-

INFO

$SleepTime (type: string)

$WakeTime (type: string)

$SleepDuration (type: integer)

$WakeDuration (type: integer)

$DriverInitDuration (type: integer)

$BiosInitDuration (type: integer)

$HiberWriteDuration (type: integer)

$HiberReadDuration (type: integer)

$HiberPagesWritten (type: integer)

$Attributes (type: integer)

$TargetState (type: integer)

$EffectiveState (type: integer)

$WakeSourceType (type: integer)

$WakeSourceTextLength (type: integer)

$WakeSourceText (type: string)

1

task_0

-

INFO

$SleepTime (type: string)

$WakeTime (type: string)

$SleepDuration (type: integer)

$WakeDuration (type: integer)

$DriverInitDuration (type: integer)

$BiosInitDuration (type: integer)

$HiberWriteDuration (type: integer)

$HiberReadDuration (type: integer)

$HiberPagesWritten (type: integer)

$Attributes (type: integer)

$TargetState (type: integer)

$EffectiveState (type: integer)

$WakeSourceType (type: integer)

$WakeSourceTextLength (type: integer)

$WakeSourceText (type: string)

$WakeTimerOwnerLength (type: integer)

$WakeTimerContextLength (type: integer)

$WakeTimerOwner (type: string)

$WakeTimerContext (type: string)

1

task_0

-

INFO

$SleepTime (type: string)

$WakeTime (type: string)

$SleepDuration (type: integer)

$WakeDuration (type: integer)

$DriverInitDuration (type: integer)

$BiosInitDuration (type: integer)

$HiberWriteDuration (type: integer)

$HiberReadDuration (type: integer)

$HiberPagesWritten (type: integer)

$Attributes (type: integer)

$TargetState (type: integer)

$EffectiveState (type: integer)

$WakeSourceType (type: integer)

$WakeSourceTextLength (type: integer)

$WakeSourceText (type: string)

$WakeTimerOwnerLength (type: integer)

$WakeTimerContextLength (type: integer)

$NoMultiStageResumeReason (type: integer)

$WakeTimerOwner (type: string)

$WakeTimerContext (type: string)

Microsoft-Windows-PowerCfg

101

PowerCpl_LoadAdvancedUI

win:Start

INFO

102

PowerCpl_LoadAdvancedUI

win:Stop

INFO

103

PowerCpl_SelectPlan

win:Start

INFO

104

PowerCpl_SelectPlan

win:Stop

INFO

105

PowerCpl_SaveAll

win:Start

INFO

106

PowerCpl_SaveAll

win:Stop

INFO

107

PowerCpl_SettingInit

win:Start

INFO

108

PowerCpl_SettingInit

win:Stop

INFO

109

PowerCpl_ShowHelp

win:Start

INFO

110

PowerCpl_ShowHelp

win:Stop

INFO

111

PowerCpl_ExpandOrContractSetting

win:Start

INFO

112

PowerCpl_ExpandOrContractSetting

win:Stop

INFO

113

PowerCpl_HoverSetting

win:Start

INFO

114

PowerCpl_HoverSetting

win:Stop

INFO

115

PowerCpl_SpinnerOverrideTime

win:Start

INFO

116

PowerCpl_SpinnerOverrideTime

win:Stop

INFO

117

PowerCpl_ComboOverrideTime

win:Start

INFO

118

PowerCpl_ComboOverrideTime

win:Stop

INFO

119

PowerCpl_ShowGroupPolicy

win:Start

INFO

120

PowerCpl_ShowGroupPolicy

win:Stop

INFO

Microsoft-Windows-PowerCpl

101

PowerCpl_InitializePage

win:Start

INFO

102

PowerCpl_InitializePage

win:Stop

INFO

103

PowerCpl_Initialize

win:Start

INFO

104

PowerCpl_Initialize

win:Stop

INFO

105

PowerCpl_InitializePage

win:Start

INFO

106

PowerCpl_InitializePage

win:Stop

INFO

107

PowerCpl_InitializePage

win:Start

INFO

108

PowerCpl_InitializePage

win:Stop

INFO

109

PowerCpl_InitializePage

win:Start

INFO

110

PowerCpl_InitializePage

win:Stop

INFO

111

PowerCpl_InitializePage

win:Start

INFO

112

PowerCpl_InitializePage

win:Stop

INFO

113

PowerCpl_InitPlanList

win:Start

INFO

114

PowerCpl_InitPlanList

win:Stop

INFO

115

PowerCpl_InitBrightness

win:Start

INFO

116

PowerCpl_InitBrightness

win:Stop

INFO

117

PowerCpl_UpdatePage

win:Start

INFO

118

PowerCpl_UpdatePage

win:Stop

INFO

119

PowerCpl_Launch

win:Stop

INFO

120

PowerCpl_InitializeCreateNewPlanPage

win:Start

INFO

121

PowerCpl_InitializeCreateNewPlanPage

win:Stop

INFO

122

PowerCpl_InitializeGlobalSettingsPage

win:Start

INFO

123

PowerCpl_InitializeGlobalSettingsPage

win:Stop

INFO

124

PowerCpl_InitializePlanSettingsPage

win:Start

INFO

125

PowerCpl_InitializePlanSettingsPage

win:Stop

INFO

126

PowerCpl_InitializePowerPlansPage

win:Start

INFO

127

PowerCpl_InitializePowerPlansPage

win:Stop

INFO

Microsoft-Windows-PowerShell-DesiredStateConfiguration-FileDownloadManager

4097

ValidaterequestinFileDownloadManager

-

INFO

$ExceptionSeen (type: string)

4098

DownloadrequestinFileDownloadManager

-

INFO

$ExceptionSeen (type: string)

4099

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4100

ValidaterequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4101

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4102

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4103

ValidaterequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4104

ValidaterequestinFileDownloadManager

-

INFO

$Checksum (type: string)

$FileName (type: string)

4106

ValidaterequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4107

ValidaterequestinFileDownloadManager

-

ERROR

$GeneratedChecksum (type: string)

$ExpectedChecksum (type: string)

$FileName (type: string)

4108

ValidaterequestinFileDownloadManager

-

INFO

$FileName (type: string)

4109

ValidaterequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4110

ValidaterequestinFileDownloadManager

-

INFO

$FileName (type: string)

4111

DownloadrequestinFileDownloadManager

-

INFO

$SourceFile (type: string)

$DestFile (type: string)

4112

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4113

DownloadrequestinFileDownloadManager

-

INFO

$FileName (type: string)

4114

DownloadrequestinFileDownloadManager

-

INFO

$FileName (type: string)

4115

DownloadrequestinFileDownloadManager

-

INFO

$FileName (type: string)

4116

DownloadrequestinFileDownloadManager

-

INFO

$FileName (type: string)

4117

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

4118

ValidaterequestinFileDownloadManager

-

ERROR

$ExceptionSeen (type: string)

4119

DownloadrequestinFileDownloadManager

-

ERROR

$ExceptionSeen (type: string)

4120

DownloadrequestinFileDownloadManager

-

ERROR

$FileName (type: string)

Microsoft-Windows-PowerShell

4097

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

4098

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

4099

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

4100

None

Tobeusedwhenanexceptionisraised

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

4101

None

Tobeusedwhenanexceptionisraised

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

4102

None

Tobeusedwhenanexceptionisraised

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

4103

None

Tobeusedwhenanexceptionisraised

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

4104

StartingCommand

Oncreatecalls

-

$MessageNumber (type: integer)

$MessageTotal (type: integer)

$ScriptBlockText (type: string)

$ScriptBlockId (type: string)

$Path (type: string)

4105

StartingCommand

Open(async)

-

$ScriptBlockId (type: string)

$RunspaceId (type: string)

4106

StoppingCommand

Close(Async)

-

$ScriptBlockId (type: string)

$RunspaceId (type: string)

7937

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

7938

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

7939

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

7940

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ContextInfo (type: string)

$UserData (type: string)

$Payload (type: string)

7941

task_0

Tobeusedwhenoperationisjustexecutingamethod

-

$currentActivityId (type: string)

$parentActivityId (type: string)

7942

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ClassName (type: string)

$MethodName (type: string)

$WorkflowGuid (type: string)

$Message (type: string)

$JobData (type: string)

$ActivityName (type: string)

$ActivityGuid (type: string)

$Parameters (type: string)

8193

Connect

tobeusedwhenanobjectisconstructed

-

$param1 (type: string)

8194

Connect

tobeusedwhenanobjectisconstructed

-

$InstanceId (type: string)

$MaxRunspaces (type: string)

$MinRunspaces (type: string)

8195

Connect

Open(async)

-

8196

Connect

Open(async)

-

8197

Connect

Open(async)

-

$param1 (type: string)

8198

Connect

Open(async)

-

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

12033

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

$param1 (type: string)

12034

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

$param1 (type: string)

12035

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

$param1 (type: string)

12036

Connect

Tobeusedwhenoperationisjustexecutingamethod

-

$param1 (type: string)

12037

Connect

Tobeusedwhenoperationisjustexecutingamethod

INFO

12038

Connect

Tobeusedwhenoperationisjustexecutingamethod

INFO

$uri (type: string)

$shell (type: string)

$userName (type: string)

$opentimeout (type: string)

$idletimeout (type: string)

$canceltimeout (type: string)

$auth (type: integer)

$thumbPrint (type: string)

$redircount (type: string)

$recvdDataSize (type: string)

$recvdObjSize (type: string)

12039

Connect

Open(async)

-

24577

PowerShellISEOperation

-

INFO

$FileName (type: string)

24578

PowerShellISEOperation

-

INFO

$FileName (type: string)

24579

PowerShellISEOperation

-

INFO

24580

PowerShellISEOperation

-

INFO

24581

PowerShellISEOperation

-

INFO

24582

PowerShellISEOperation

-

INFO

24583

PowerShellISEOperation

-

INFO

24584

PowerShellISEOperation

-

INFO

24592

PowerShellISEOperation

-

INFO

24593

None

-

INFO

24594

PowerShellISEOperation

-

INFO

24595

PowerShellISEOperation

-

INFO

$CurrentLine (type: integer)

$FileName (type: string)

24596

PowerShellISEOperation

-

INFO

$CurrentLine (type: integer)

$FileName (type: string)

24597

PowerShellISEOperation

-

INFO

$CurrentLine (type: integer)

$FileName (type: string)

24598

PowerShellISEOperation

-

INFO

$CurrentLine (type: integer)

$FileName (type: string)

24599

PowerShellISEOperation

-

INFO

$CurrentLine (type: integer)

$FileName (type: string)

28673

Serializeordeserializeremotingpayload

Rehydration

-

$DeserializedType (type: string)

$CastedToType (type: string)

$RehydratedType (type: string)

28674

Serializeordeserializeremotingpayload

Rehydration

ERROR

$DeserializedType (type: string)

$CastedToType (type: string)

$TypeCastException (type: string)

$TypeCastInnerException (type: string)

28675

Serializeordeserializeremotingpayload

Serializationsettings

-

$SerializedType (type: string)

$OriginalDepth (type: integer)

$OverridenDepth (type: integer)

$CurrentDepthBelowTopLevel (type: integer)

28676

Serializeordeserializeremotingpayload

Serializationsettings

-

$SerializedType (type: string)

$OverridenMode (type: integer)

28677

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

WARNING

$PropertyName (type: string)

$PropertyOwnerType (type: string)

$GetterScript (type: string)

28678

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

WARNING

$PropertyName (type: string)

$PropertyOwnerType (type: string)

$Exception (type: string)

$InnerException (type: string)

28679

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

WARNING

$TypeBeingEnumerated (type: string)

$Exception (type: string)

28680

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

WARNING

$Type (type: string)

$Exception (type: string)

28682

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

ERROR

$TypeOfObjectAtMaxDepth (type: string)

$PropertyNameAtMaxDepth (type: string)

$Depth (type: integer)

28683

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

ERROR

$LineNumber (type: integer)

$LinePosition (type: integer)

$Exception (type: string)

28684

Serializeordeserializeremotingpayload

Tobeusedwhenanexceptionisraised

WARNING

$TypeOfObjectWithMissingProperty (type: string)

$PropertyName (type: string)

32769

task_0

Receive(Async)

INFO

$Runspace_InstanceId (type: string)

$PowerShell_InstanceId (type: string)

$Destination (type: integer)

$DataType (type: integer)

$TargetInterface (type: integer)

32775

task_0

Open(async)

ERROR

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32776

task_0

Open(async)

ERROR

$SessionId (type: string)

$PipelineId (type: string)

$ErrorCode (type: string)

$ErrorMessage (type: string)

$StackTrace (type: string)

32777

task_0

Open(async)

ERROR

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32784

task_0

Open(async)

ERROR

$SessionId (type: string)

$PipelineId (type: string)

$ErrorCode (type: string)

$ErrorMessage (type: string)

$StackTrace (type: string)

32785

task_0

connect

INFO

$param1 (type: string)

32786

task_0

connect

INFO

$param1 (type: string)

32787

task_0

Disconnect

INFO

$param1 (type: string)

32788

task_0

Disconnect

INFO

$param1 (type: string)

32789

task_0

Send(Async)

INFO

$SessionId (type: string)

$PipelineId (type: string)

$DataSize (type: string)

32790

task_0

Send(Async)

INFO

$SessionId (type: string)

$PipelineId (type: string)

32791

task_0

Receive(Async)

INFO

$SessionId (type: string)

$PipelineId (type: string)

32792

task_0

Receive(Async)

INFO

$SessionId (type: string)

$PipelineId (type: string)

$DataSize (type: string)

32793

task_0

connect

INFO

$SessionId (type: string)

$PipelineId (type: string)

32800

task_0

connect

INFO

$SessionId (type: string)

$PipelineId (type: string)

32801

task_0

Disconnect

INFO

$SessionId (type: string)

$PipelineId (type: string)

32802

task_0

Disconnect

INFO

$SessionId (type: string)

$PipelineId (type: string)

32803

task_0

Disconnect

INFO

$SessionId (type: string)

$PipelineId (type: string)

$SignalCode (type: string)

32804

task_0

Disconnect

INFO

$SessionId (type: string)

$PipelineId (type: string)

32805

task_0

connect

INFO

$SessionId (type: string)

$Uri (type: string)

32849

task_0

Send(Async)

INFO

$Runspace_InstanceId (type: string)

$PowerShell_InstanceId (type: string)

$DataSize (type: string)

$DataType (type: integer)

$TargetInterface (type: integer)

32850

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32851

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

32852

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

$param4 (type: string)

32853

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

32854

task_0

Disconnect

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32855

task_0

Open(async)

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32856

task_0

Open(async)

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32857

task_0

Disconnect

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

32865

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

32866

task_0

connect

INFO

$param1 (type: string)

$param2 (type: string)

32867

task_0

Receive(Async)

-

$ObjectId (type: integer)

$FragmentId (type: integer)

$sFlag (type: integer)

$eFlag (type: integer)

$FragmentLength (type: integer)

$FragmentPayload (type: string)

32868

task_0

Send(Async)

-

$ObjectId (type: integer)

$FragmentId (type: integer)

$sFlag (type: integer)

$eFlag (type: integer)

$FragmentLength (type: integer)

$FragmentPayload (type: string)

32869

task_0

Shuttingdown

-

40961

PowerShellConsoleStartup

win:Start

INFO

40962

PowerShellConsoleStartup

win:Stop

INFO

45057

None

Tobeusedwhenanexceptionisraised

ERROR

$Message (type: string)

$Category (type: string)

$Reason (type: string)

$TargetName (type: string)

$FullyQualifiedErrorId (type: string)

$ExceptionMessage (type: string)

$ExceptionStackTrace (type: string)

$ExceptionInnerException (type: string)

45058

None

Tobeusedwhenanexceptionisraised

ERROR

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

45059

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

45060

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$Id (type: string)

$InstanceId (type: string)

$Name (type: string)

$Location (type: string)

$State (type: string)

$Command (type: string)

45061

None

-

INFO

$param1 (type: string)

45062

None

Tobeusedwhenoperationisjustexecutingamethod

INFO

$uri (type: string)

$shell (type: string)

$userName (type: string)

$opentimeout (type: string)

$idletimeout (type: string)

$canceltimeout (type: string)

$auth (type: integer)

$thumbPrint (type: string)

$redircount (type: string)

$recvdDataSize (type: string)

$recvdObjSize (type: string)

45063

WorkflowHosting

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$user (type: string)

$hostingMode (type: string)

$protocol (type: string)

$configuration (type: string)

45064

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$managedNodes (type: string)

45065

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$newState (type: string)

$oldState (type: string)

45072

WorkflowHosting

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

45073

WorkflowHosting

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

45074

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45075

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$configName (type: string)

$allowedValue (type: string)

$valueInQuestion (type: string)

45076

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45078

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$managedNode (type: string)

45079

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$activityName (type: string)

45080

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$activityName (type: string)

$activityTypeName (type: string)

45081

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$xamlFile (type: string)

45082

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$xamlFile (type: string)

45083

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$errorDescription (type: string)

45084

WorkflowValidation

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45085

WorkflowValidation

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45086

WorkflowValidation

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45087

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$activityDisplayName (type: string)

$activityType (type: string)

45088

WorkflowValidation

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$activityDisplayName (type: string)

$activityType (type: string)

45089

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$activityName (type: string)

$failureDescription (type: string)

45090

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$runspaceId (type: string)

$availability (type: string)

45091

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$runspaceId (type: string)

$newState (type: string)

$oldState (type: string)

45092

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45093

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45094

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45095

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45096

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45097

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$path (type: string)

45098

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$path (type: string)

45100

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$jobId (type: string)

45101

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$jobId (type: integer)

$workflowId (type: string)

$newState (type: string)

$oldState (type: string)

45102

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$jobId (type: integer)

$workflowId (type: string)

$errorDescription (type: string)

45104

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$parentJobId (type: string)

$childJobId (type: string)

$childWorkflowId (type: string)

45105

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$jobId (type: string)

45106

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$jobId (type: string)

$workflowId (type: string)

45107

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$parentJobId (type: string)

$childJobId (type: string)

$workflowId (type: string)

45108

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$parentJobId (type: string)

$childJobId (type: string)

$workflowId (type: string)

$error (type: string)

45109

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45110

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45111

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45112

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$reason (type: string)

45113

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45114

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45115

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45116

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$errorDescription (type: string)

45117

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$persistPath (type: string)

45118

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

45119

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$activityName (type: string)

45120

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$workflowId (type: string)

$errorDescription (type: string)

45121

Configuration

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$endpointType (type: string)

$registeredBy (type: string)

45122

Configuration

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$modifiedBy (type: string)

45123

Configuration

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$unregisteredBy (type: string)

45124

Configuration

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$disabledBy (type: string)

45125

Configuration

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

$enabledBy (type: string)

45126

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$command (type: string)

45127

WorkflowExecution

Tobeusedwhenoperationisjustexecutingamethod

-

$parameters (type: string)

$computers (type: string)

45128

WorkflowHosting

Tobeusedwhenoperationisjustexecutingamethod

-

$endpointName (type: string)

45129

None

-

INFO

$checkpointPath (type: string)

$configProviderId (type: string)

$userName (type: string)

$path (type: string)

46337

None

-

INFO

$TrackingId (type: string)

46338

None

-

INFO

$TrackingId (type: string)

46339

None

-

INFO

$TrackingId (type: string)

46340

None

-

INFO

$TrackingId (type: string)

46341

None

-

INFO

$TrackingId (type: string)

$ContainerParentJobInstanceId (type: string)

46342

None

-

INFO

$WorkflowJobJobInstanceId (type: string)

46343

None

-

INFO

$WorkflowJobJobInstanceId (type: string)

46344

None

-

INFO

$WorkflowJobJobInstanceId (type: string)

46345

None

-

INFO

$WorkflowJobJobInstanceId (type: string)

46346

None

-

INFO

$WorkflowJobInstanceId (type: string)

$ContainerParentJobInstanceId (type: string)

46347

None

-

INFO

$ProxyJobInstanceId (type: string)

$ContainerParentJobInstanceId (type: string)

46348

None

-

INFO

$ContainerParentJobInstanceId (type: string)

46349

None

-

INFO

$ContainerParentJobInstanceId (type: string)

46350

None

-

INFO

$ProxyJobInstanceId (type: string)

46351

None

-

INFO

$ProxyJobInstanceId (type: string)

46352

None

-

INFO

$ProxyJobInstanceId (type: string)

46353

None

-

INFO

$ProxyJobInstanceId (type: string)

46354

None

-

INFO

$ProxyChildJobInstanceId (type: string)

46355

None

-

INFO

$ProxyChildJobInstanceId (type: string)

46356

None

-

INFO

46357

None

-

INFO

46358

None

-

WARNING

49152

None

-

INFO

$message (type: string)

49153

None

-

INFO

$param1 (type: string)

$param2 (type: string)

53249

PowerShellScheduledJobs

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ScheduledJobDefName (type: string)

$StartTime (type: string)

53250

PowerShellScheduledJobs

Tobeusedwhenoperationisjustexecutingamethod

INFO

$ScheduledJobDefName (type: string)

$StopTime (type: string)

$State (type: string)

53251

PowerShellScheduledJobs

Tobeusedwhenanexceptionisraised

ERROR

$Name (type: string)

$Message (type: string)

$StackTrace (type: string)

$InnerException (type: string)

53504

PowerShellNamedPipeIPC

Open(async)

-

$param1 (type: string)

$param2 (type: string)

53505

PowerShellNamedPipeIPC

Close(Async)

-

$param1 (type: string)

$param2 (type: string)

53506

PowerShellNamedPipeIPC

Tobeusedwhenanexceptionisraised

-

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

53507

PowerShellNamedPipeIPC

connect

-

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

53508

PowerShellNamedPipeIPC

Close(Async)

-

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

Microsoft-Windows-RPC-FirewallManager

2

task_0

opcode_128

-

$FilterKey (type: string)

$ErrorStatus (type: string)

3

task_0

opcode_128

-

$FilterKey (type: string)

$ErrorStatus (type: string)

4

task_0

opcode_128

-

$FilterKey (type: string)

$ErrorStatus (type: string)

Microsoft-Windows-Security-Audit-Configuration-Client

100

task_0

win:Start

INFO

101

task_0

win:Stop

ERROR

$ErrorCode (type: integer)

102

task_0

-

INFO

$GPOList (type: string)

103

task_0

win:Start

INFO

104

task_0

-

ERROR

$ErrorCode (type: integer)

105

task_0

-

INFO

$GPOName (type: string)

$GPOID (type: string)

$SysvolPath (type: string)

106

task_0

-

INFO

$RemoteFile (type: string)

$LocalFile (type: string)

$GPOName (type: string)

107

task_0

-

ERROR

$RemoteFile (type: string)

$LocalFile (type: string)

$GPOName (type: string)

$ErrorCode (type: integer)

108

task_0

-

INFO

109

task_0

-

ERROR

$ErrorCode (type: integer)

110

task_0

-

INFO

111

task_0

-

ERROR

$ErrorCode (type: integer)

112

task_0

win:Stop

INFO

113

task_0

win:Stop

ERROR

$ErrorCode (type: integer)

114

task_0

-

INFO

115

task_0

-

ERROR

$ErrorCode (type: integer)

200

task_0

win:Start

INFO

201

task_0

win:Stop

ERROR

$ErrorCode (type: integer)

202

task_0

-

INFO

$GPOList (type: string)

203

task_0

win:Start

INFO

204

task_0

-

ERROR

$ErrorCode (type: integer)

205

task_0

-

INFO

$GPOName (type: string)

$GPOID (type: string)

$SysvolPath (type: string)

206

task_0

-

INFO

$RemoteFile (type: string)

$LocalFile (type: string)

$GPOName (type: string)

207

task_0

-

ERROR

$RemoteFile (type: string)

$LocalFile (type: string)

$GPOName (type: string)

$ErrorCode (type: integer)

208

task_0

-

INFO

209

task_0

-

ERROR

$ErrorCode (type: integer)

210

task_0

-

INFO

211

task_0

-

ERROR

$ErrorCode (type: integer)

212

task_0

win:Stop

INFO

213

task_0

win:Stop

ERROR

$ErrorCode (type: integer)

214

task_0

-

INFO

215

task_0

-

ERROR

$ErrorCode (type: integer)

Microsoft-Windows-Security-Auditing

4608

task_0

-

INFO

4609

task_0

-

INFO

4610

task_0

-

INFO

$AuthenticationPackageName (type: string)

4611

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$LogonProcessName (type: string)

4612

task_0

-

INFO

$AuditsDiscarded (type: integer)

4614

task_0

-

INFO

$NotificationPackageName (type: string)

4615

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$InvalidCallName (type: string)

$ServerPortName (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4616

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PreviousDate (type: string)

$PreviousTime (type: string)

$NewDate (type: string)

$NewTime (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4616

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PreviousTime (type: string)

$NewTime (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4618

task_0

-

INFO

$EventId (type: integer)

$ComputerName (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetUserDomain (type: string)

$TargetLogonId (type: string)

$EventCount (type: integer)

$Duration (type: string)

4621

task_0

-

INFO

$CrashOnAuditFailValue (type: string)

4622

task_0

-

INFO

$SecurityPackageName (type: string)

4624

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

$LogonProcessName (type: string)

$AuthenticationPackageName (type: string)

$WorkstationName (type: string)

$LogonGuid (type: string)

$TransmittedServices (type: string)

$LmPackageName (type: string)

$KeyLength (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4624

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

$LogonProcessName (type: string)

$AuthenticationPackageName (type: string)

$WorkstationName (type: string)

$LogonGuid (type: string)

$TransmittedServices (type: string)

$LmPackageName (type: string)

$KeyLength (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$ImpersonationLevel (type: string)

4624

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

$LogonProcessName (type: string)

$AuthenticationPackageName (type: string)

$WorkstationName (type: string)

$LogonGuid (type: string)

$TransmittedServices (type: string)

$LmPackageName (type: string)

$KeyLength (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$ImpersonationLevel (type: string)

$RestrictedAdminMode (type: string)

$TargetOutboundUserName (type: string)

$TargetOutboundDomainName (type: string)

$VirtualAccount (type: string)

$TargetLinkedLogonId (type: string)

$ElevatedToken (type: string)

4625

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$Status (type: string)

$FailureReason (type: string)

$SubStatus (type: string)

$LogonType (type: integer)

$LogonProcessName (type: string)

$AuthenticationPackageName (type: string)

$WorkstationName (type: string)

$TransmittedServices (type: string)

$LmPackageName (type: string)

$KeyLength (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4626

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

$EventIdx (type: integer)

$EventCountTotal (type: integer)

$UserClaims (type: string)

$DeviceClaims (type: string)

4627

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

$EventIdx (type: integer)

$EventCountTotal (type: integer)

$GroupMembership (type: string)

4634

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$LogonType (type: integer)

4646

task_0

-

INFO

$notification (type: string)

4647

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

4648

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$LogonGuid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonGuid (type: string)

$TargetServerName (type: string)

$TargetInfo (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4649

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$RequestType (type: string)

$LogonProcessName (type: string)

$AuthenticationPackage (type: string)

$WorkstationName (type: string)

$TransmittedServices (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4650

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$RemoteMMPrincipalName (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$KeyModName (type: string)

$MMAuthMethod (type: string)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

4651

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$LocalMMCertHash (type: string)

$LocalMMIssuingCA (type: string)

$LocalMMRootCA (type: string)

$RemoteMMPrincipalName (type: string)

$RemoteMMCertHash (type: string)

$RemoteMMIssuingCA (type: string)

$RemoteMMRootCA (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$KeyModName (type: string)

$MMAuthMethod (type: string)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

4652

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$LocalMMCertHash (type: string)

$LocalMMIssuingCA (type: string)

$LocalMMRootCA (type: string)

$RemoteMMPrincipalName (type: string)

$RemoteMMCertHash (type: string)

$RemoteMMIssuingCA (type: string)

$RemoteMMRootCA (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$KeyModName (type: string)

$FailurePoint (type: string)

$FailureReason (type: string)

$MMAuthMethod (type: string)

$State (type: string)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$InitiatorCookie (type: string)

$ResponderCookie (type: string)

4653

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$RemoteMMPrincipalName (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$KeyModName (type: string)

$FailurePoint (type: string)

$FailureReason (type: string)

$MMAuthMethod (type: string)

$State (type: string)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$InitiatorCookie (type: string)

$ResponderCookie (type: string)

4654

task_0

-

INFO

$LocalAddress (type: string)

$LocalAddressMask (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemoteAddressMask (type: string)

$RemotePort (type: integer)

$RemoteTunnelEndpoint (type: string)

$Protocol (type: integer)

$RemotePrivateAddress (type: string)

$KeyModName (type: string)

$FailurePoint (type: string)

$FailureReason (type: string)

$Mode (type: string)

$State (type: string)

$Role (type: string)

$MessageID (type: integer)

$QMFilterID (type: integer)

$MMSAID (type: integer)

4654

task_0

-

INFO

$LocalAddress (type: string)

$LocalAddressMask (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemoteAddressMask (type: string)

$RemotePort (type: integer)

$RemoteTunnelEndpoint (type: string)

$Protocol (type: integer)

$RemotePrivateAddress (type: string)

$KeyModName (type: string)

$FailurePoint (type: string)

$FailureReason (type: string)

$Mode (type: string)

$State (type: string)

$Role (type: string)

$MessageID (type: integer)

$QMFilterID (type: integer)

$MMSAID (type: integer)

$TunnelId (type: integer)

$TrafficSelectorId (type: integer)

4655

task_0

-

INFO

$LocalAddress (type: string)

$RemoteAddress (type: string)

$KeyModName (type: string)

$MMSAID (type: integer)

4656

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$TransactionId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$RestrictedSidCount (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

4656

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$TransactionId (type: string)

$AccessList (type: string)

$AccessReason (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$RestrictedSidCount (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

$ResourceAttributes (type: string)

4657

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectName (type: string)

$ObjectValueName (type: string)

$HandleId (type: string)

$OperationType (type: string)

$OldValueType (type: string)

$OldValue (type: string)

$NewValueType (type: string)

$NewValue (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4658

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$HandleId (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4659

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$TransactionId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$ProcessId (type: string)

4660

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$HandleId (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

$TransactionId (type: string)

4661

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$TransactionId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$Properties (type: string)

$RestrictedSidCount (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

4661

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$TransactionId (type: string)

$AccessList (type: string)

$AccessReason (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$Properties (type: string)

$RestrictedSidCount (type: integer)

$ProcessId (type: string)

$ProcessName (type: string)

4662

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$OperationType (type: string)

$HandleId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$Properties (type: string)

$AdditionalInfo (type: string)

$AdditionalInfo2 (type: string)

4663

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4663

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

$ResourceAttributes (type: string)

4664

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$FileName (type: string)

$LinkName (type: string)

$TransactionId (type: string)

4665

task_0

-

INFO

$AppName (type: string)

$AppInstance (type: integer)

$ClientName (type: string)

$ClientDomain (type: string)

$ClientLogonId (type: integer)

$Status (type: integer)

4666

task_0

-

INFO

$AppName (type: string)

$AppInstance (type: integer)

$ObjectName (type: string)

$ScopeName (type: string)

$ClientName (type: string)

$ClientDomain (type: string)

$ClientLogonId (type: integer)

$Role (type: string)

$Group (type: string)

$OperationName (type: string)

$OperationId (type: integer)

4667

task_0

-

INFO

$AppName (type: string)

$AppInstance (type: integer)

$ClientName (type: string)

$ClientDomain (type: string)

$ClientLogonId (type: integer)

4668

task_0

-

INFO

$AppName (type: string)

$AppInstance (type: integer)

$ClientName (type: string)

$ClientDomain (type: string)

$ClientLogonId (type: integer)

$StoreUrl (type: string)

4670

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$OldSd (type: string)

$NewSd (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4671

task_0

-

INFO

$CallerUserSid (type: string)

$CallerUserName (type: string)

$CallerDomainName (type: string)

$CallerLogonId (type: string)

$Ordinal (type: integer)

4672

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4673

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$Service (type: string)

$PrivilegeList (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4674

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$AccessMask (type: string)

$PrivilegeList (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4675

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TdoDirection (type: integer)

$TdoAttributes (type: integer)

$TdoType (type: integer)

$TdoSid (type: string)

$SidList (type: string)

4688

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$NewProcessId (type: string)

$NewProcessName (type: string)

$TokenElevationType (type: string)

$ProcessId (type: string)

4688

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$NewProcessId (type: string)

$NewProcessName (type: string)

$TokenElevationType (type: string)

$ProcessId (type: string)

$CommandLine (type: string)

4688

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$NewProcessId (type: string)

$NewProcessName (type: string)

$TokenElevationType (type: string)

$ProcessId (type: string)

$CommandLine (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$ParentProcessName (type: string)

$MandatoryLabel (type: string)

4689

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Status (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4690

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$SourceHandleId (type: string)

$SourceProcessId (type: string)

$TargetHandleId (type: string)

$TargetProcessId (type: string)

4691

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$AccessList (type: string)

$AccessMask (type: string)

$ProcessId (type: string)

4692

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$MasterKeyId (type: string)

$RecoveryServer (type: string)

$RecoveryKeyId (type: string)

$FailureReason (type: string)

4693

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$MasterKeyId (type: string)

$RecoveryReason (type: string)

$RecoveryServer (type: string)

$RecoveryKeyId (type: string)

$FailureId (type: string)

4694

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DataDescription (type: string)

$MasterKeyId (type: string)

$ProtectedDataFlags (type: string)

$CryptoAlgorithms (type: string)

$FailureReason (type: string)

4695

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DataDescription (type: string)

$MasterKeyId (type: string)

$ProtectedDataFlags (type: string)

$CryptoAlgorithms (type: string)

$FailureReason (type: string)

4696

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$TargetProcessId (type: string)

$TargetProcessName (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4697

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ServiceName (type: string)

$ServiceFileName (type: string)

$ServiceType (type: string)

$ServiceStartType (type: integer)

$ServiceAccount (type: string)

4697

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ServiceName (type: string)

$ServiceFileName (type: string)

$ServiceType (type: string)

$ServiceStartType (type: integer)

$ServiceAccount (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

4698

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

4698

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

$RpcCallClientLocality (type: integer)

$FQDN (type: string)

4699

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

4699

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

$RpcCallClientLocality (type: integer)

$FQDN (type: string)

4700

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

4700

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

$RpcCallClientLocality (type: integer)

$FQDN (type: string)

4701

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

4701

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContent (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

$RpcCallClientLocality (type: integer)

$FQDN (type: string)

4702

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContentNew (type: string)

4702

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TaskName (type: string)

$TaskContentNew (type: string)

$ClientProcessStartKey (type: integer)

$ClientProcessId (type: integer)

$ParentProcessId (type: integer)

$RpcCallClientLocality (type: integer)

$FQDN (type: string)

4703

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$ProcessName (type: string)

$ProcessId (type: string)

$EnabledPrivilegeList (type: string)

$DisabledPrivilegeList (type: string)

4704

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetSid (type: string)

$PrivilegeList (type: string)

4705

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetSid (type: string)

$PrivilegeList (type: string)

4706

task_0

-

INFO

$DomainName (type: string)

$DomainSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TdoType (type: integer)

$TdoDirection (type: integer)

$TdoAttributes (type: integer)

$SidFilteringEnabled (type: string)

4707

task_0

-

INFO

$DomainName (type: string)

$DomainSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4709

task_0

-

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

4710

task_0

-

INFO

$param1 (type: string)

$param2 (type: string)

4711

task_0

-

INFO

$param1 (type: string)

4712

task_0

-

INFO

$param1 (type: string)

4713

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$KerberosPolicyChange (type: string)

4714

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$EfsPolicyChange (type: string)

4715

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$OldSd (type: string)

$NewSd (type: string)

4716

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DomainName (type: string)

$DomainSid (type: string)

$TdoType (type: integer)

$TdoDirection (type: integer)

$TdoAttributes (type: integer)

$SidFilteringEnabled (type: string)

4717

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetSid (type: string)

$AccessGranted (type: string)

4718

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetSid (type: string)

$AccessRemoved (type: string)

4719

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$CategoryId (type: string)

$SubcategoryId (type: string)

$SubcategoryGuid (type: string)

$AuditPolicyChanges (type: string)

4720

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$DisplayName (type: string)

$UserPrincipalName (type: string)

$HomeDirectory (type: string)

$HomePath (type: string)

$ScriptPath (type: string)

$ProfilePath (type: string)

$UserWorkstations (type: string)

$PasswordLastSet (type: string)

$AccountExpires (type: string)

$PrimaryGroupId (type: string)

$AllowedToDelegateTo (type: string)

$OldUacValue (type: string)

$NewUacValue (type: string)

$UserAccountControl (type: string)

$UserParameters (type: string)

$SidHistory (type: string)

$LogonHours (type: string)

4722

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4723

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4724

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4725

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4726

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4727

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4728

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4728

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4729

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4730

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4731

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4732

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4732

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4733

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4734

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4735

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4737

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4738

task_0

-

INFO

$Dummy (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$DisplayName (type: string)

$UserPrincipalName (type: string)

$HomeDirectory (type: string)

$HomePath (type: string)

$ScriptPath (type: string)

$ProfilePath (type: string)

$UserWorkstations (type: string)

$PasswordLastSet (type: string)

$AccountExpires (type: string)

$PrimaryGroupId (type: string)

$AllowedToDelegateTo (type: string)

$OldUacValue (type: string)

$NewUacValue (type: string)

$UserAccountControl (type: string)

$UserParameters (type: string)

$SidHistory (type: string)

$LogonHours (type: string)

4739

task_0

-

INFO

$DomainPolicyChanged (type: string)

$DomainName (type: string)

$DomainSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MinPasswordAge (type: string)

$MaxPasswordAge (type: string)

$ForceLogoff (type: string)

$LockoutThreshold (type: string)

$LockoutObservationWindow (type: string)

$LockoutDuration (type: string)

$PasswordProperties (type: string)

$MinPasswordLength (type: string)

$PasswordHistoryLength (type: string)

$MachineAccountQuota (type: string)

$MixedDomainMode (type: string)

$DomainBehaviorVersion (type: string)

$OemInformation (type: string)

4740

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4741

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$DisplayName (type: string)

$UserPrincipalName (type: string)

$HomeDirectory (type: string)

$HomePath (type: string)

$ScriptPath (type: string)

$ProfilePath (type: string)

$UserWorkstations (type: string)

$PasswordLastSet (type: string)

$AccountExpires (type: string)

$PrimaryGroupId (type: string)

$AllowedToDelegateTo (type: string)

$OldUacValue (type: string)

$NewUacValue (type: string)

$UserAccountControl (type: string)

$UserParameters (type: string)

$SidHistory (type: string)

$LogonHours (type: string)

$DnsHostName (type: string)

$ServicePrincipalNames (type: string)

4742

task_0

-

INFO

$ComputerAccountChange (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$DisplayName (type: string)

$UserPrincipalName (type: string)

$HomeDirectory (type: string)

$HomePath (type: string)

$ScriptPath (type: string)

$ProfilePath (type: string)

$UserWorkstations (type: string)

$PasswordLastSet (type: string)

$AccountExpires (type: string)

$PrimaryGroupId (type: string)

$AllowedToDelegateTo (type: string)

$OldUacValue (type: string)

$NewUacValue (type: string)

$UserAccountControl (type: string)

$UserParameters (type: string)

$SidHistory (type: string)

$LogonHours (type: string)

$DnsHostName (type: string)

$ServicePrincipalNames (type: string)

4743

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4744

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4745

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4746

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4746

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4747

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4748

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4749

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4750

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4751

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4751

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4752

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4753

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4754

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4755

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4756

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4756

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4757

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4758

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4759

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4760

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4761

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4761

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4762

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4763

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4764

task_0

-

INFO

$GroupTypeChange (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4765

task_0

-

INFO

$SourceUserName (type: string)

$SourceSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SidList (type: string)

4766

task_0

-

INFO

$SourceUserName (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4767

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4768

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$ServiceName (type: string)

$ServiceSid (type: string)

$TicketOptions (type: string)

$Status (type: string)

$TicketEncryptionType (type: string)

$PreAuthType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$CertIssuerName (type: string)

$CertSerialNumber (type: string)

$CertThumbprint (type: string)

4769

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$ServiceName (type: string)

$ServiceSid (type: string)

$TicketOptions (type: string)

$TicketEncryptionType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$Status (type: string)

$LogonGuid (type: string)

$TransmittedServices (type: string)

4770

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$ServiceName (type: string)

$ServiceSid (type: string)

$TicketOptions (type: string)

$TicketEncryptionType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4771

task_0

-

INFO

$TargetUserName (type: string)

$TargetSid (type: string)

$ServiceName (type: string)

$TicketOptions (type: string)

$Status (type: string)

$PreAuthType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$CertIssuerName (type: string)

$CertSerialNumber (type: string)

$CertThumbprint (type: string)

4772

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$ServiceName (type: string)

$TicketOptions (type: string)

$FailureCode (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4773

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$ServiceName (type: string)

$TicketOptions (type: string)

$FailureCode (type: string)

$IpAddress (type: string)

$IpPort (type: string)

4774

task_0

-

INFO

$MappingBy (type: string)

$ClientUserName (type: string)

$MappedName (type: string)

4775

task_0

-

INFO

$ClientUserName (type: string)

$MappingBy (type: string)

4776

task_0

-

INFO

$PackageName (type: string)

$TargetUserName (type: string)

$Workstation (type: string)

$Status (type: string)

4777

task_0

-

INFO

$ClientUserName (type: string)

$TargetUserName (type: string)

$Workstation (type: string)

$Status (type: string)

4778

task_0

-

INFO

$AccountName (type: string)

$AccountDomain (type: string)

$LogonID (type: string)

$SessionName (type: string)

$ClientName (type: string)

$ClientAddress (type: string)

4779

task_0

-

INFO

$AccountName (type: string)

$AccountDomain (type: string)

$LogonID (type: string)

$SessionName (type: string)

$ClientName (type: string)

$ClientAddress (type: string)

4780

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4781

task_0

-

INFO

$OldTargetUserName (type: string)

$NewTargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4782

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4783

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4784

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4785

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4785

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$MembershipExpirationTime (type: string)

4786

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4787

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4788

task_0

-

INFO

$MemberName (type: string)

$MemberSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4789

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4790

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4791

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SamAccountName (type: string)

$SidHistory (type: string)

4792

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

4793

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Workstation (type: string)

$TargetUserName (type: string)

$Status (type: string)

4794

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Workstation (type: string)

$Status (type: string)

4797

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Workstation (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

4798

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$CallerProcessId (type: string)

$CallerProcessName (type: string)

4799

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$CallerProcessId (type: string)

$CallerProcessName (type: string)

4800

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$SessionId (type: integer)

4801

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$SessionId (type: integer)

4802

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$SessionId (type: integer)

4803

task_0

-

INFO

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$SessionId (type: integer)

4816

task_0

-

INFO

$param1 (type: string)

$param2 (type: string)

$param3 (type: string)

4816

task_0

-

INFO

$PeerName (type: string)

$ProtocolSequence (type: string)

$SecurityError (type: integer)

4817

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$OldSd (type: string)

$NewSd (type: string)

4818

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

$AccessReason (type: string)

$StagingReason (type: string)

4819

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$AddedCAPs (type: string)

$DeletedCAPs (type: string)

$ModifiedCAPs (type: string)

$AsIsCAPs (type: string)

4820

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$DeviceName (type: string)

$ServiceName (type: string)

$ServiceSid (type: string)

$TicketOptions (type: string)

$Status (type: string)

$TicketEncryptionType (type: string)

$PreAuthType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$CertIssuerName (type: string)

$CertSerialNumber (type: string)

$CertThumbprint (type: string)

$SiloName (type: string)

$PolicyName (type: string)

$TGTLifetime (type: integer)

4821

task_0

-

INFO

$TargetUserName (type: string)

$TargetDomainName (type: string)

$DeviceName (type: string)

$ServiceName (type: string)

$ServiceSid (type: string)

$TicketOptions (type: string)

$TicketEncryptionType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$Status (type: string)

$LogonGuid (type: string)

$TransitedServices (type: string)

$SiloName (type: string)

$PolicyName (type: string)

4822

task_0

-

INFO

$AccountName (type: string)

$DeviceName (type: string)

$Status (type: string)

4823

task_0

-

INFO

$AccountName (type: string)

$DeviceName (type: string)

$Status (type: string)

$SiloName (type: string)

$PolicyName (type: string)

4824

task_0

-

INFO

$TargetUserName (type: string)

$TargetSid (type: string)

$ServiceName (type: string)

$TicketOptions (type: string)

$Status (type: string)

$PreAuthType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$CertIssuerName (type: string)

$CertSerialNumber (type: string)

$CertThumbprint (type: string)

4825

task_0

-

INFO

$AccountName (type: string)

$AccountDomain (type: string)

$LogonID (type: string)

$ClientAddress (type: string)

4826

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$LoadOptions (type: string)

$AdvancedOptions (type: string)

$ConfigAccessPolicy (type: string)

$RemoteEventLogging (type: string)

$KernelDebug (type: string)

$VsmLaunchType (type: string)

$TestSigning (type: string)

$FlightSigning (type: string)

$DisableIntegrityChecks (type: string)

$HypervisorLoadOptions (type: string)

$HypervisorLaunchType (type: string)

$HypervisorDebug (type: string)

4830

task_0

-

INFO

$SourceUserName (type: string)

$SourceSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PrivilegeList (type: string)

$SidList (type: string)

4864

task_0

-

INFO

$CollisionTargetType (type: integer)

$CollisionTargetName (type: string)

$ForestRoot (type: string)

$TopLevelName (type: string)

$DnsName (type: string)

$NetbiosName (type: string)

$DomainSid (type: string)

$Flags (type: integer)

4865

task_0

-

INFO

$ForestRoot (type: string)

$ForestRootSid (type: string)

$OperationId (type: string)

$EntryType (type: integer)

$Flags (type: integer)

$TopLevelName (type: string)

$DnsName (type: string)

$NetbiosName (type: string)

$DomainSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4866

task_0

-

INFO

$ForestRoot (type: string)

$ForestRootSid (type: string)

$OperationId (type: string)

$EntryType (type: integer)

$Flags (type: integer)

$TopLevelName (type: string)

$DnsName (type: string)

$NetbiosName (type: string)

$DomainSid (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4867

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ForestRoot (type: string)

$ForestRootSid (type: string)

$OperationId (type: string)

$EntryType (type: integer)

$Flags (type: integer)

$TopLevelName (type: string)

$DnsName (type: string)

$NetbiosName (type: string)

$DomainSid (type: string)

4868

task_0

-

INFO

$RequestId (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4869

task_0

-

INFO

$RequestId (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4870

task_0

-

INFO

$CertificateSerialNumber (type: string)

$RevocationReason (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4871

task_0

-

INFO

$NextUpdate (type: string)

$NextPublishForBaseCRL (type: string)

$NextPublishForDeltaCRL (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4872

task_0

-

INFO

$IsBaseCRL (type: string)

$CRLNumber (type: string)

$KeyContainer (type: string)

$NextPublish (type: string)

$PublishURLs (type: string)

4873

task_0

-

INFO

$RequestId (type: string)

$ExtensionName (type: string)

$ExtensionDataType (type: string)

$ExtensionPolicyFlags (type: string)

$ExtensionData (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4874

task_0

-

INFO

$RequestId (type: string)

$Attributes (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4875

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4876

task_0

-

INFO

$BackupType (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4877

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4878

task_0

-

INFO

4879

task_0

-

INFO

4880

task_0

-

INFO

$CertificateDatabaseHash (type: string)

$PrivateKeyUsageCount (type: string)

$CACertificateHash (type: string)

$CAPublicKeyHash (type: string)

4881

task_0

-

INFO

$CertificateDatabaseHash (type: string)

$PrivateKeyUsageCount (type: string)

$CACertificateHash (type: string)

$CAPublicKeyHash (type: string)

4882

task_0

-

INFO

$SecuritySettings (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4883

task_0

-

INFO

$RequestId (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4884

task_0

-

INFO

$Certificate (type: string)

$RequestId (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4885

task_0

-

INFO

$AuditFilter (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4886

task_0

-

INFO

$RequestId (type: string)

$Requester (type: string)

$Attributes (type: string)

4887

task_0

-

INFO

$RequestId (type: string)

$Requester (type: string)

$Attributes (type: string)

$Disposition (type: string)

$SubjectKeyIdentifier (type: string)

$Subject (type: string)

4888

task_0

-

INFO

$RequestId (type: string)

$Requester (type: string)

$Attributes (type: string)

$Disposition (type: string)

$SubjectKeyIdentifier (type: string)

$Subject (type: string)

4889

task_0

-

INFO

$RequestId (type: string)

$Requester (type: string)

$Attributes (type: string)

$Disposition (type: string)

$SubjectKeyIdentifier (type: string)

$Subject (type: string)

4890

task_0

-

INFO

$EnableRestrictedPermissions (type: string)

$RestrictedPermissions (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4891

task_0

-

INFO

$Node (type: string)

$Entry (type: string)

$Value (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4892

task_0

-

INFO

$PropertyName (type: string)

$PropertyIndex (type: string)

$PropertyType (type: string)

$PropertyValue (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4893

task_0

-

INFO

$RequestId (type: string)

$Requester (type: string)

$KRAHashes (type: string)

4894

task_0

-

INFO

$RequestId (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4895

task_0

-

INFO

$CertificateHash (type: string)

$ValidFrom (type: string)

$ValidTo (type: string)

4896

task_0

-

INFO

$TableId (type: string)

$Filter (type: string)

$RowsDeleted (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

4897

task_0

-

INFO

$RoleSeparationEnabled (type: string)

4898

task_0

-

INFO

$TemplateInternalName (type: string)

$TemplateVersion (type: string)

$TemplateSchemaVersion (type: string)

$TemplateOID (type: string)

$TemplateDSObjectFQDN (type: string)

$DCDNSName (type: string)

$TemplateContent (type: string)

$SecurityDescriptor (type: string)

4899

task_0

-

INFO

$TemplateInternalName (type: string)

$TemplateVersion (type: string)

$TemplateSchemaVersion (type: string)

$TemplateOID (type: string)

$TemplateDSObjectFQDN (type: string)

$DCDNSName (type: string)

$NewTemplateContent (type: string)

$OldTemplateContent (type: string)

4900

task_0

-

INFO

$TemplateInternalName (type: string)

$TemplateVersion (type: string)

$TemplateSchemaVersion (type: string)

$TemplateOID (type: string)

$TemplateDSObjectFQDN (type: string)

$DCDNSName (type: string)

$NewTemplateContent (type: string)

$NewSecurityDescriptor (type: string)

$OldTemplateContent (type: string)

$OldSecurityDescriptor (type: string)

4902

task_0

-

INFO

$PuaCount (type: integer)

$PuaPolicyId (type: string)

4904

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$AuditSourceName (type: string)

$EventSourceId (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4905

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$AuditSourceName (type: string)

$EventSourceId (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4906

task_0

-

INFO

$CrashOnAuditFailValue (type: integer)

4907

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$OldSd (type: string)

$NewSd (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4908

task_0

-

INFO

$SidList (type: string)

4909

task_0

-

INFO

$OldBlockedOrdinals (type: string)

$NewBlockedOrdinals (type: string)

4910

task_0

-

INFO

$OldIgnoreDefaultSettings (type: integer)

$NewIgnoreDefaultSettings (type: integer)

$OldIgnoreLocalSettings (type: integer)

$NewIgnoreLocalSettings (type: integer)

$OldBlockedOrdinals (type: string)

$NewBlockedOrdinals (type: string)

4911

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$OldSd (type: string)

$NewSd (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4912

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetUserSid (type: string)

$CategoryId (type: string)

$SubcategoryId (type: string)

$SubcategoryGuid (type: string)

$AuditPolicyChanges (type: string)

4913

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectServer (type: string)

$ObjectType (type: string)

$ObjectName (type: string)

$HandleId (type: string)

$OldSd (type: string)

$NewSd (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

4928

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4928

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4929

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4929

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4930

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4930

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4931

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4931

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$SourceAddr (type: string)

$NamingContext (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4932

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$NamingContext (type: string)

$Options (type: integer)

$SessionID (type: integer)

$StartUSN (type: string)

4932

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$NamingContext (type: string)

$Options (type: integer)

$SessionID (type: integer)

$StartUSN (type: string)

4933

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$NamingContext (type: string)

$Options (type: integer)

$SessionID (type: integer)

$EndUSN (type: string)

$StatusCode (type: integer)

4933

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$NamingContext (type: string)

$Options (type: integer)

$SessionID (type: integer)

$EndUSN (type: string)

$StatusCode (type: integer)

4934

task_0

-

INFO

$SessionID (type: integer)

$Object (type: string)

$Attribute (type: string)

$TypeOfChange (type: integer)

$NewValue (type: string)

$USN (type: string)

$StatusCode (type: integer)

4935

task_0

-

INFO

$ReplicationEvent (type: integer)

$AuditStatusCode (type: integer)

4936

task_0

-

INFO

$ReplicationEvent (type: integer)

$AuditStatusCode (type: integer)

$ReplicationStatusCode (type: integer)

4937

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$Object (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4937

task_0

-

INFO

$DestinationDRA (type: string)

$SourceDRA (type: string)

$Object (type: string)

$Options (type: integer)

$StatusCode (type: integer)

4944

task_0

-

INFO

$GroupPolicyApplied (type: string)

$Profile (type: string)

$OperationMode (type: string)

$RemoteAdminEnabled (type: string)

$MulticastFlowsEnabled (type: string)

$LogDroppedPacketsEnabled (type: string)

$LogSuccessfulConnectionsEnabled (type: string)

4945

task_0

-

INFO

$ProfileUsed (type: string)

$RuleId (type: string)

$RuleName (type: string)

4946

task_0

-

INFO

$ProfileChanged (type: string)

$RuleId (type: string)

$RuleName (type: string)

4947

task_0

-

INFO

$ProfileChanged (type: string)

$RuleId (type: string)

$RuleName (type: string)

4948

task_0

-

INFO

$ProfileChanged (type: string)

$RuleId (type: string)

$RuleName (type: string)

4949

task_0

-

INFO

4950

task_0

-

INFO

$ProfileChanged (type: string)

$SettingType (type: string)

$SettingValue (type: string)

4951

task_0

-

INFO

$Profile (type: string)

$RuleId (type: string)

$RuleName (type: string)

4952

task_0

-

INFO

$Profile (type: string)

$RuleId (type: string)

$RuleName (type: string)

4953

task_0

-

INFO

$Profile (type: string)

$ReasonForRejection (type: string)

$RuleId (type: string)

$RuleName (type: string)

4954

task_0

-

INFO

4956

task_0

-

INFO

$ActiveProfile (type: string)

4957

task_0

-

INFO

$RuleId (type: string)

$RuleName (type: string)

$RuleAttr (type: string)

4958

task_0

-

INFO

$RuleId (type: string)

$RuleName (type: string)

$Error (type: string)

$Reason (type: string)

4960

task_0

-

INFO

$RemoteAddress (type: string)

$SPI (type: integer)

4961

task_0

-

INFO

$RemoteAddress (type: string)

$SPI (type: integer)

4962

task_0

-

INFO

$RemoteAddress (type: string)

$SPI (type: integer)

4963

task_0

-

INFO

$RemoteAddress (type: string)

$SPI (type: integer)

4964

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$LogonGuid (type: string)

$TargetUserSid (type: string)

$TargetUserName (type: string)

$TargetDomainName (type: string)

$TargetLogonId (type: string)

$TargetLogonGuid (type: string)

$SidList (type: string)

4965

task_0

-

INFO

$RemoteAddress (type: string)

$SPI (type: integer)

4976

task_0

-

INFO

$LocalAddress (type: string)

$RemoteAddress (type: string)

$KeyModName (type: string)

4977

task_0

-

INFO

$LocalAddress (type: string)

$RemoteAddress (type: string)

$KeyModName (type: string)

4978

task_0

-

INFO

$LocalAddress (type: string)

$RemoteAddress (type: string)

$KeyModName (type: string)

4979

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$RemoteMMPrincipalName (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$MMAuthMethod (type: string)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

$LocalEMPrincipalName (type: string)

$RemoteEMPrincipalName (type: string)

$EMAuthMethod (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4980

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$RemoteMMPrincipalName (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$MMAuthMethod (type: string)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

$LocalEMPrincipalName (type: string)

$LocalEMCertHash (type: string)

$LocalEMIssuingCA (type: string)

$LocalEMRootCA (type: string)

$RemoteEMPrincipalName (type: string)

$RemoteEMCertHash (type: string)

$RemoteEMIssuingCA (type: string)

$RemoteEMRootCA (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4981

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$LocalMMCertHash (type: string)

$LocalMMIssuingCA (type: string)

$LocalMMRootCA (type: string)

$RemoteMMPrincipalName (type: string)

$RemoteMMCertHash (type: string)

$RemoteMMIssuingCA (type: string)

$RemoteMMRootCA (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

$LocalEMPrincipalName (type: string)

$RemoteEMPrincipalName (type: string)

$EMAuthMethod (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4982

task_0

-

INFO

$LocalMMPrincipalName (type: string)

$LocalMMCertHash (type: string)

$LocalMMIssuingCA (type: string)

$LocalMMRootCA (type: string)

$RemoteMMPrincipalName (type: string)

$RemoteMMCertHash (type: string)

$RemoteMMIssuingCA (type: string)

$RemoteMMRootCA (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$MMCipherAlg (type: string)

$MMIntegrityAlg (type: string)

$DHGroup (type: string)

$MMLifetime (type: integer)

$QMLimit (type: integer)

$Role (type: string)

$MMImpersonationState (type: string)

$MMFilterID (type: integer)

$MMSAID (type: integer)

$LocalEMPrincipalName (type: string)

$LocalEMCertHash (type: string)

$LocalEMIssuingCA (type: string)

$LocalEMRootCA (type: string)

$RemoteEMPrincipalName (type: string)

$RemoteEMCertHash (type: string)

$RemoteEMIssuingCA (type: string)

$RemoteEMRootCA (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4983

task_0

-

INFO

$LocalEMPrincipalName (type: string)

$LocalEMCertHash (type: string)

$LocalEMIssuingCA (type: string)

$LocalEMRootCA (type: string)

$RemoteEMPrincipalName (type: string)

$RemoteEMCertHash (type: string)

$RemoteEMIssuingCA (type: string)

$RemoteEMRootCA (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$FailurePoint (type: string)

$FailureReason (type: string)

$State (type: string)

$Role (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4984

task_0

-

INFO

$LocalEMPrincipalName (type: string)

$RemoteEMPrincipalName (type: string)

$LocalAddress (type: string)

$LocalKeyModPort (type: integer)

$RemoteAddress (type: string)

$RemoteKeyModPort (type: integer)

$FailurePoint (type: string)

$FailureReason (type: string)

$EMAuthMethod (type: string)

$State (type: string)

$Role (type: string)

$EMImpersonationState (type: string)

$QMFilterID (type: integer)

4985

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TransactionId (type: string)

$NewState (type: integer)

$ResourceManager (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

5024

task_0

-

INFO

5025

task_0

-

INFO

5027

task_0

-

INFO

$ErrorCode (type: integer)

5028

task_0

-

INFO

$ErrorCode (type: integer)

5029

task_0

-

INFO

$ErrorCode (type: integer)

5030

task_0

-

INFO

$ErrorCode (type: integer)

5031

task_0

-

INFO

$Profiles (type: string)

$Application (type: string)

5032

task_0

-

INFO

$ErrorCode (type: integer)

5033

task_0

-

INFO

5034

task_0

-

INFO

5035

task_0

-

INFO

$ErrorCode (type: integer)

5037

task_0

-

INFO

$ErrorCode (type: integer)

5038

task_0

-

INFO

$param1 (type: string)

5039

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectPath (type: string)

$ObjectVirtualPath (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

5040

task_0

-

INFO

$ProfileChanged (type: string)

$AuthenticationSetId (type: string)

$AuthenticationSetName (type: string)

5041

task_0

-

INFO

$ProfileChanged (type: string)

$AuthenticationSetId (type: string)

$AuthenticationSetName (type: string)

5042

task_0

-

INFO

$ProfileChanged (type: string)

$AuthenticationSetId (type: string)

$AuthenticationSetName (type: string)

5043

task_0

-

INFO

$ProfileChanged (type: string)

$ConnectionSecurityRuleId (type: string)

$ConnectionSecurityRuleName (type: string)

5044

task_0

-

INFO

$ProfileChanged (type: string)

$ConnectionSecurityRuleId (type: string)

$ConnectionSecurityRuleName (type: string)

5045

task_0

-

INFO

$ProfileChanged (type: string)

$ConnectionSecurityRuleId (type: string)

$ConnectionSecurityRuleName (type: string)

5046

task_0

-

INFO

$ProfileChanged (type: string)

$CryptographicSetId (type: string)

$CryptographicSetName (type: string)

5047

task_0

-

INFO

$ProfileChanged (type: string)

$CryptographicSetId (type: string)

$CryptographicSetName (type: string)

5048

task_0

-

INFO

$ProfileChanged (type: string)

$CryptographicSetId (type: string)

$CryptographicSetName (type: string)

5049

task_0

-

INFO

$ProfileChanged (type: string)

$IpSecSecurityAssociationId (type: string)

$IpSecSecurityAssociationName (type: string)

5050

task_0

-

INFO

$CallerProcessName (type: string)

$ProcessId (type: integer)

$Publisher (type: string)

5051

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$FileName (type: string)

$VirtualFileName (type: string)

$ProcessId (type: string)

$ProcessName (type: string)

5056

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Module (type: string)

$ReturnCode (type: string)

5057

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$Reason (type: string)

$ReturnCode (type: string)

5058

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$KeyFilePath (type: string)

$Operation (type: string)

$ReturnCode (type: string)

5058

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ClientProcessId (type: integer)

$ClientCreationTime (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$KeyFilePath (type: string)

$Operation (type: string)

$ReturnCode (type: string)

5059

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$Operation (type: string)

$ReturnCode (type: string)

5059

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ClientProcessId (type: integer)

$ClientCreationTime (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$Operation (type: string)

$ReturnCode (type: string)

5060

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$Reason (type: string)

$ReturnCode (type: string)

5061

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ProviderName (type: string)

$AlgorithmName (type: string)

$KeyName (type: string)

$KeyType (type: string)

$Operation (type: string)

$ReturnCode (type: string)

5062

task_0

-

INFO

$Module (type: string)

$ReturnCode (type: integer)

5063

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$ProviderName (type: string)

$ModuleName (type: string)

$Operation (type: string)

$ReturnCode (type: integer)

5064

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$Operation (type: string)

$ReturnCode (type: integer)

5065

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$OldValue (type: integer)

$NewValue (type: integer)

$ReturnCode (type: integer)

5066

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$InterfaceId (type: string)

$FunctionName (type: string)

$Position (type: integer)

$Operation (type: string)

$ReturnCode (type: integer)

5067

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$InterfaceId (type: string)

$FunctionName (type: string)

$OldValue (type: integer)

$NewValue (type: integer)

$ReturnCode (type: integer)

5068

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$InterfaceId (type: string)

$FunctionName (type: string)

$ProviderName (type: string)

$Position (type: integer)

$Operation (type: string)

$ReturnCode (type: integer)

5069

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$InterfaceId (type: string)

$FunctionName (type: string)

$PropertyName (type: string)

$Operation (type: string)

$Value (type: string)

$ReturnCode (type: integer)

5070

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$Scope (type: string)

$ContextName (type: string)

$InterfaceId (type: string)

$FunctionName (type: string)

$PropertyName (type: string)

$OldValue (type: string)

$NewValue (type: string)

$ReturnCode (type: integer)

5071

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$SecurityDescriptor (type: string)

5120

task_0

-

INFO

5121

task_0

-

INFO

5122

task_0

-

INFO

$CAConfigurationId (type: string)

$NewValue (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5123

task_0

-

INFO

$PropertyName (type: string)

$NewValue (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5124

task_0

-

INFO

$NewSecuritySettings (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5125

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5125

task_0

-

INFO

$SerialNumber (type: string)

$CAName (type: string)

$Status (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5126

task_0

-

INFO

$CAConfigurationId (type: string)

$NewSigningCertificateHash (type: string)

5127

task_0

-

INFO

$CAConfigurationId (type: string)

$BaseCRLNumber (type: string)

$BaseCRLThisUpdate (type: string)

$BaseCRLHash (type: string)

$DeltaCRLNumber (type: string)

$DeltaCRLIndicator (type: string)

$DeltaCRLThisUpdate (type: string)

$DeltaCRLHash (type: string)

5136

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$ObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

$AttributeLDAPDisplayName (type: string)

$AttributeSyntaxOID (type: string)

$AttributeValue (type: string)

$OperationType (type: string)

5137

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$ObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

5138

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$OldObjectDN (type: string)

$NewObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

5139

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$OldObjectDN (type: string)

$NewObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

5140

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$ShareName (type: string)

5140

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$ShareName (type: string)

$ShareLocalPath (type: string)

$AccessMask (type: string)

$AccessList (type: string)

5141

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$ObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

$TreeDelete (type: string)

5142

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ShareName (type: string)

$ShareLocalPath (type: string)

5143

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectType (type: string)

$ShareName (type: string)

$ShareLocalPath (type: string)

$OldRemark (type: string)

$NewRemark (type: string)

$OldMaxUsers (type: string)

$NewMaxUsers (type: string)

$OldShareFlags (type: string)

$NewShareFlags (type: string)

$OldSD (type: string)

$NewSD (type: string)

5144

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ShareName (type: string)

$ShareLocalPath (type: string)

5145

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ObjectType (type: string)

$IpAddress (type: string)

$IpPort (type: string)

$ShareName (type: string)

$ShareLocalPath (type: string)

$RelativeTargetName (type: string)

$AccessMask (type: string)

$AccessList (type: string)

$AccessReason (type: string)

5146

task_0

-

INFO

$Direction (type: string)

$SourceAddress (type: string)

$DestAddress (type: string)

$EtherType (type: string)

$VlanTag (type: string)

$vSwitchID (type: string)

$SourcevSwitchPort (type: integer)

$DestinationvSwitchPort (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5147

task_0

-

INFO

$Direction (type: string)

$SourceAddress (type: string)

$DestAddress (type: string)

$EtherType (type: string)

$VlanTag (type: string)

$vSwitchID (type: string)

$SourcevSwitchPort (type: integer)

$DestinationvSwitchPort (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5148

task_0

-

INFO

$Type (type: string)

5149

task_0

-

INFO

$Type (type: string)

$PacketsDiscarded (type: integer)

5150

task_0

-

INFO

$Direction (type: string)

$SourceAddress (type: string)

$DestAddress (type: string)

$EtherType (type: string)

$MediaType (type: integer)

$InterfaceType (type: integer)

$VlanTag (type: string)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5151

task_0

-

INFO

$Direction (type: string)

$SourceAddress (type: string)

$DestAddress (type: string)

$EtherType (type: string)

$MediaType (type: integer)

$InterfaceType (type: integer)

$VlanTag (type: string)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5152

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5153

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5154

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5155

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5156

task_0

-

INFO

$ProcessID (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5156

task_0

-

INFO

$ProcessID (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

$RemoteUserID (type: string)

$RemoteMachineID (type: string)

5157

task_0

-

INFO

$ProcessID (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5157

task_0

-

INFO

$ProcessID (type: integer)

$Application (type: string)

$Direction (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$DestAddress (type: string)

$DestPort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

$RemoteUserID (type: string)

$RemoteMachineID (type: string)

5158

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5159

task_0

-

INFO

$ProcessId (type: integer)

$Application (type: string)

$SourceAddress (type: string)

$SourcePort (type: string)

$Protocol (type: integer)

$FilterRTID (type: integer)

$LayerName (type: string)

$LayerRTID (type: integer)

5168

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$SpnName (type: string)

$ErrorCode (type: string)

$ServerNames (type: string)

$ConfiguredNames (type: string)

$IpAddresses (type: string)

5169

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$ObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

$AttributeLDAPDisplayName (type: string)

$AttributeSyntaxOID (type: string)

$AttributeValue (type: string)

$ExpirationTime (type: string)

$OperationType (type: string)

5170

task_0

-

INFO

$OpCorrelationID (type: string)

$AppCorrelationID (type: string)

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DSName (type: string)

$DSType (type: string)

$ObjectDN (type: string)

$ObjectGUID (type: string)

$ObjectClass (type: string)

$AttributeLDAPDisplayName (type: string)

$AttributeSyntaxOID (type: string)

$AttributeValue (type: string)

$ExpirationTime (type: string)

$OperationType (type: string)

5376

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5376

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$BackupFileName (type: string)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5377

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

5377

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$BackupFileName (type: string)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5378

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Package (type: string)

$UserUPN (type: string)

$TargetServer (type: string)

$CredType (type: string)

5379

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TargetName (type: string)

$Type (type: integer)

$CountOfCredentialsReturned (type: integer)

$ReadOperation (type: string)

$ReturnCode (type: integer)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5380

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$SearchString (type: string)

$SchemaFriendlyName (type: string)

$Schema (type: string)

$CountOfCredentialsReturned (type: integer)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5381

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$Flags (type: integer)

$CountOfCredentialsReturned (type: integer)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5382

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$SchemaFriendlyName (type: string)

$Schema (type: string)

$Resource (type: string)

$Identity (type: string)

$PackageSid (type: string)

$Flags (type: integer)

$ReturnCode (type: integer)

$ProcessCreationTime (type: string)

$ClientProcessId (type: integer)

5440

task_0

-

INFO

$ProviderKey (type: string)

$ProviderName (type: string)

$CalloutKey (type: string)

$CalloutName (type: string)

$CalloutType (type: string)

$CalloutId (type: integer)

$LayerKey (type: string)

$LayerName (type: string)

$LayerId (type: integer)

5441

task_0

-

INFO

$ProviderKey (type: string)

$ProviderName (type: string)

$FilterKey (type: string)

$FilterName (type: string)

$FilterType (type: string)

$FilterId (type: integer)

$LayerKey (type: string)

$LayerName (type: string)

$LayerId (type: integer)

$Weight (type: integer)

$Conditions (type: string)

$Action (type: string)

$CalloutKey (type: string)

$CalloutName (type: string)

5442

task_0

-

INFO

$ProviderKey (type: string)

$ProviderName (type: string)

$ProviderType (type: string)

5443

task_0

-

INFO

$ProviderKey (type: string)

$ProviderName (type: string)

$ProviderContextKey (type: string)

$ProviderContextName (type: string)

$ProviderContextType (type: string)

5444

task_0

-

INFO

$ProviderKey (type: string)

$ProviderName (type: string)

$SubLayerKey (type: string)

$SubLayerName (type: string)

$SubLayerType (type: string)

$Weight (type: integer)

5446

task_0

-

INFO

$ProcessId (type: integer)

$UserSid (type: string)

$UserName (type: string)

$ProviderKey (type: string)

$ProviderName (type: string)

$ChangeType (type: string)

$CalloutKey (type: string)

$CalloutName (type: string)

$CalloutType (type: string)

$CalloutId (type: integer)

$LayerKey (type: string)

$LayerName (type: string)

$LayerId (type: integer)

5447

task_0

-

INFO

$ProcessId (type: integer)

$UserSid (type: string)

$UserName (type: string)

$ProviderKey (type: string)

$ProviderName (type: string)

$ChangeType (type: string)

$FilterKey (type: string)

$FilterName (type: string)

$FilterType (type: string)

$FilterId (type: integer)

$LayerKey (type: string)

$LayerName (type: string)

$LayerId (type: integer)

$Weight (type: integer)

$Conditions (type: string)

$Action (type: string)

$CalloutKey (type: string)

$CalloutName (type: string)

5448

task_0

-

INFO

$ProcessId (type: integer)

$UserSid (type: string)

$UserName (type: string)

$ChangeType (type: string)

$ProviderKey (type: string)

$ProviderName (type: string)

$ProviderType (type: string)

5449

task_0

-

INFO

$ProcessId (type: integer)

$UserSid (type: string)

$UserName (type: string)

$ProviderKey (type: string)

$ProviderName (type: string)

$ChangeType (type: string)

$ProviderContextKey (type: string)

$ProviderContextName (type: string)

$ProviderContextType (type: string)

5450

task_0

-

INFO

$ProcessId (type: integer)

$UserSid (type: string)

$UserName (type: string)

$ProviderKey (type: string)

$ProviderName (type: string)

$ChangeType (type: string)

$SubLayerKey (type: string)

$SubLayerName (type: string)

$SubLayerType (type: string)

$Weight (type: integer)

5451

task_0

-

INFO

$LocalAddress (type: string)

$LocalAddressMask (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemoteAddressMask (type: string)

$RemotePort (type: integer)

$PeerPrivateAddress (type: string)

$RemoteTunnelEndpoint (type: string)

$IpProtocol (type: integer)

$KeyingModuleName (type: string)

$AhAuthType (type: string)

$EspAuthType (type: string)

$CipherType (type: string)

$LifetimeSeconds (type: integer)

$LifetimeKilobytes (type: integer)

$LifetimePackets (type: integer)

$Mode (type: string)

$Role (type: string)

$TransportFilterId (type: integer)

$MainModeSaId (type: integer)

$QuickModeSaId (type: integer)

$InboundSpi (type: integer)

$OutboundSpi (type: integer)

5451

task_0

-

INFO

$LocalAddress (type: string)

$LocalAddressMask (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemoteAddressMask (type: string)

$RemotePort (type: integer)

$PeerPrivateAddress (type: string)

$RemoteTunnelEndpoint (type: string)

$IpProtocol (type: integer)

$KeyingModuleName (type: string)

$AhAuthType (type: string)

$EspAuthType (type: string)

$CipherType (type: string)

$LifetimeSeconds (type: integer)

$LifetimeKilobytes (type: integer)

$LifetimePackets (type: integer)

$Mode (type: string)

$Role (type: string)

$TransportFilterId (type: integer)

$MainModeSaId (type: integer)

$QuickModeSaId (type: integer)

$InboundSpi (type: integer)

$OutboundSpi (type: integer)

$TunnelId (type: integer)

$TrafficSelectorId (type: integer)

5452

task_0

-

INFO

$LocalAddress (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemotePort (type: integer)

$RemoteTunnelEndpoint (type: string)

$IpProtocol (type: integer)

$QuickModeSaId (type: integer)

5452

task_0

-

INFO

$LocalAddress (type: string)

$LocalAddressMask (type: string)

$LocalPort (type: integer)

$LocalTunnelEndpoint (type: string)

$RemoteAddress (type: string)

$RemoteAddressMask (type: string)

$RemotePort (type: integer)

$RemoteTunnelEndpoint (type: string)

$IpProtocol (type: integer)

$QuickModeSaId (type: integer)

$TunnelId (type: integer)

$TrafficSelectorId (type: integer)

5453

task_0

-

INFO

5456

task_0

-

INFO

$Policy (type: string)

5457

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5458

task_0

-

INFO

$Policy (type: string)

5459

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5460

task_0

-

INFO

$Policy (type: string)

5461

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5462

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5463

task_0

-

INFO

5464

task_0

-

INFO

5465

task_0

-

INFO

5466

task_0

-

INFO

5467

task_0

-

INFO

5468

task_0

-

INFO

5471

task_0

-

INFO

$Policy (type: string)

5472

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5473

task_0

-

INFO

$Policy (type: string)

5474

task_0

-

INFO

$Policy (type: string)

$Error (type: string)

5477

task_0

-

INFO

$QuickModeFilter (type: string)

$Error (type: string)

5478

task_0

-

INFO

5479

task_0

-

INFO

5480

task_0

-

INFO

5483

task_0

-

INFO

$Error (type: string)

5484

task_0

-

INFO

$Error (type: string)

5485

task_0

-

INFO

5632

task_0

-

INFO

$SSID (type: string)

$Identity (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PeerMac (type: string)

$LocalMac (type: string)

$IntfGuid (type: string)

$ReasonCode (type: string)

$ReasonText (type: string)

$ErrorCode (type: string)

5632

task_0

-

INFO

$SSID (type: string)

$Identity (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$PeerMac (type: string)

$LocalMac (type: string)

$IntfGuid (type: string)

$ReasonCode (type: string)

$ReasonText (type: string)

$ErrorCode (type: string)

$EAPReasonCode (type: string)

$EapRootCauseString (type: string)

$EAPErrorCode (type: string)

5633

task_0

-

INFO

$InterfaceName (type: string)

$Identity (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ReasonCode (type: string)

$ReasonText (type: string)

$ErrorCode (type: string)

5712

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: integer)

$ProcessId (type: integer)

$ProcessName (type: string)

$RemoteIpAddress (type: string)

$RemotePort (type: string)

$InterfaceUuid (type: string)

$ProtocolSequence (type: string)

$AuthenticationService (type: integer)

$AuthenticationLevel (type: integer)

5888

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectUserDomainName (type: string)

$SubjectLogonId (type: integer)

$ObjectCollectionName (type: string)

$ObjectIdentifyingProperties (type: string)

$ModifiedObjectProperties (type: string)

5889

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectUserDomainName (type: string)

$SubjectLogonId (type: integer)

$ObjectCollectionName (type: string)

$ObjectIdentifyingProperties (type: string)

$ObjectProperties (type: string)

5890

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectUserDomainName (type: string)

$SubjectLogonId (type: integer)

$ObjectCollectionName (type: string)

$ObjectIdentifyingProperties (type: string)

$ObjectProperties (type: string)

6144

task_0

-

INFO

$ErrorCode (type: integer)

$GPOList (type: string)

6145

task_0

-

INFO

$ErrorCode (type: integer)

$GPOList (type: string)

6272

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$QuarantineState (type: string)

$QuarantineSessionIdentifier (type: string)

6272

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$QuarantineState (type: string)

$QuarantineSessionIdentifier (type: string)

$LoggingResult (type: string)

6272

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$LoggingResult (type: string)

6273

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

6273

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

$LoggingResult (type: string)

6273

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

$LoggingResult (type: string)

6274

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

6274

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

6275

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

6275

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$ReasonCode (type: string)

$Reason (type: string)

6276

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$QuarantineState (type: string)

$ExtendedQuarantineState (type: string)

$QuarantineSessionID (type: string)

$QuarantineHelpURL (type: string)

$QuarantineSystemHealthResult (type: string)

6277

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$QuarantineState (type: string)

$ExtendedQuarantineState (type: string)

$QuarantineSessionID (type: string)

$QuarantineHelpURL (type: string)

$QuarantineSystemHealthResult (type: string)

$QuarantineGraceTime (type: string)

6278

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

$SubjectMachineSID (type: string)

$SubjectMachineName (type: string)

$FullyQualifiedSubjectMachineName (type: string)

$MachineInventory (type: string)

$CalledStationID (type: string)

$CallingStationID (type: string)

$NASIPv4Address (type: string)

$NASIPv6Address (type: string)

$NASIdentifier (type: string)

$NASPortType (type: string)

$NASPort (type: string)

$ClientName (type: string)

$ClientIPAddress (type: string)

$ProxyPolicyName (type: string)

$NetworkPolicyName (type: string)

$AuthenticationProvider (type: string)

$AuthenticationServer (type: string)

$AuthenticationType (type: string)

$EAPType (type: string)

$AccountSessionIdentifier (type: string)

$QuarantineState (type: string)

$ExtendedQuarantineState (type: string)

$QuarantineSessionID (type: string)

$QuarantineHelpURL (type: string)

$QuarantineSystemHealthResult (type: string)

6279

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

6280

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$FullyQualifiedSubjectUserName (type: string)

6281

task_0

-

INFO

$param1 (type: string)

6400

task_0

-

INFO

$ClientIPAddress (type: string)

6401

task_0

-

INFO

$ClientIPAddress (type: string)

6402

task_0

-

INFO

$ClientIPAddress (type: string)

6403

task_0

-

INFO

$HostedCacheName (type: string)

6404

task_0

-

INFO

$HostedCacheName (type: string)

$ErrorCode (type: integer)

6405

task_0

-

INFO

$EventId (type: integer)

$Count (type: integer)

6406

task_0

-

INFO

$ProductName (type: string)

$Categories (type: string)

6407

task_0

-

INFO

$Message (type: string)

6408

task_0

-

INFO

$ProductName (type: string)

$Categories (type: string)

6409

task_0

-

INFO

$GUID (type: string)

6410

task_0

-

INFO

$param1 (type: string)

6416

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$ClassId (type: string)

$VendorIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6416

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$VendorIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6417

task_0

-

INFO

$ProcessId (type: string)

$ProcessName (type: string)

6418

task_0

-

INFO

$ProcessId (type: string)

$ProcessName (type: string)

$FatalCode (type: integer)

6419

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6420

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6421

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6422

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6423

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6424

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$DeviceId (type: string)

$DeviceDescription (type: string)

$ClassId (type: string)

$ClassName (type: string)

$HardwareIds (type: string)

$CompatibleIds (type: string)

$LocationInformation (type: string)

6425

task_0

-

INFO

$SubjectUserSid (type: string)

$SubjectUserName (type: string)

$SubjectDomainName (type: string)

$SubjectLogonId (type: string)

$TrustedDomainName (type: string)

$TrustedDomainId (type: string)

$ClientNetworkAddress (type: string)

$LegacyRPCMethodName (type: string)

8191

task_0

-

INFO

Microsoft-Windows-Security-EnterpriseData-FileRevocationManager

0

task_0

ProtectIdentityoperation.

INFO

$EntIDString (type: string)

$AppIDString (type: string)

1

task_0

ProtectIdentityoperation.

INFO

$EntIDString (type: string)

$AppIDString (type: string)

$ErrorCode (type: string)

17

task_0

RevokeIdentityoperation.

INFO

$EntIDString (type: string)

$AppIDString (type: string)

18

task_0

RevokeIdentityoperation.

INFO

$EntIDString (type: string)

$AppIDString (type: string)

19

task_0

RevokeIdentityoperation.

INFO

$EntIDString (type: string)

$AppIDString (type: string)

$ErrorCode (type: string)

20

task_0

Delegationoperation.

INFO

$PolicyString (type: string)

Microsoft-Windows-Security-ExchangeActiveSyncProvisioning

1

EAS_REGPROV

-

CRITICAL

$DllPath (type: string)

2

EAS_REGPROV

-

CRITICAL

$DllPath (type: string)

100

ExchangeActiveSyncProvisioningPerformance

win:Start

INFO

101

ExchangeActiveSyncProvisioningPerformance

win:Stop

INFO

$TimeSpent (type: integer)

Microsoft-Windows-Security-IdentityListener

0

task_0

-

INFO

$Number (type: integer)

1

task_0

-

ERROR

$LastError (type: integer)

2

task_0

-

INFO

$Sid (type: string)

3

task_0

-

ERROR

$Sid (type: string)

4

task_0

-

INFO

$Sid (type: string)

5

task_0

-

ERROR

$Sid (type: string)

6

task_0

-

INFO

$psz (type: string)

7

task_0

-

ERROR

$LastError (type: integer)

8

task_0

-

INFO

$psz (type: string)

9

task_0

-

ERROR

$RemoteMachineName (type: string)

$Errorcode (type: integer)

10

task_0

-

INFO

$ProviderGUID (type: string)

$IdentityUID (type: string)

$IdentityDisplayName (type: string)

11

task_0

-

ERROR

$LastError (type: integer)

12

task_0

-

INFO

13

task_0

-

ERROR

$LastError (type: integer)

14

task_0

-

ERROR

$psz (type: string)

15

task_0

-

ERROR

$RemoteMachineName (type: string)

$Errorcode (type: integer)

Microsoft-Windows-Security-IdentityStore

1

CreateConnectedUser

win:Start

INFO

2

CreateConnectedUser

win:Start

INFO

3

CreateConnectedUser

win:Stop

INFO

4

ConnectDisconnectUser

win:Start

INFO

5

ConnectDisconnectUser

win:Stop

INFO

6

ConnectDisconnectUser

win:Start

INFO

7

ConnectDisconnectUser

win:Stop

INFO

8

ConnectDisconnectUser

win:Start

INFO

9

ConnectDisconnectUser

win:Stop

INFO

10

ConnectDisconnectUser

win:Start

INFO

11

ConnectDisconnectUser

win:Stop

INFO

12

IdentityQuery

win:Start

INFO

13

IdentityQuery

win:Stop

INFO

14

IdentityQuery

win:Start

INFO

15

IdentityQuery

win:Stop

INFO

16

IdentityQuery

win:Start

INFO

17

IdentityQuery

win:Stop

INFO

18

IdentityQuery

win:Start

INFO

19

IdentityQuery

win:Stop

INFO

20

IdentityQuery

win:Start

INFO

21

IdentityQuery

win:Stop

INFO

22

CreateConnectedUser

win:Start

INFO

23

CreateConnectedUser

win:Stop

INFO

24

CreateConnectedUser

win:Start

INFO

25

CreateConnectedUser

win:Stop

INFO

26

ConnectDisconnectUser

win:Start

INFO

27

ConnectDisconnectUser

win:Stop

INFO

Microsoft-Windows-Security-Kerberos

3

task_0

opcode_128

-

$LogonSession (type: string)

$ClientTime (type: string)

$ServerTime (type: string)

$ErrorCode (type: string)

$ErrorMessage (type: string)

$ExtendedError (type: string)

$ClientRealm (type: string)

$ClientName (type: string)

$ServerRealm (type: string)

$ServerName (type: string)

$TargetName (type: string)

$ErrorText (type: string)

$File (type: string)

$Line (type: string)

$__binLength (type: integer)

$binary (type: string)

4

task_0

opcode_64

-

$Server (type: string)

$TargetRealm (type: string)

$Targetname (type: string)

$ClientRealm (type: string)

$__binLength (type: integer)

$binary (type: string)

5

task_0

opcode_64

-

$Server (type: string)

$KDCRealm (type: string)

$__binLength (type: integer)

$binary (type: string)

5

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

6

task_0

opcode_128

-

$NeededSize (type: string)

$ActualSize (type: string)

$ClientProcessID (type: string)

$ClientName (type: string)

$__binLength (type: integer)

$binary (type: string)

6

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

7

task_0

opcode_192

-

$ClientName (type: string)

$Realm (type: string)

$__binLength (type: integer)

$binary (type: string)

7

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

8

task_0

opcode_192

-

$Name (type: string)

$Message (type: string)

$__binLength (type: integer)

$binary (type: string)

8

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

9

task_0

opcode_192

-

$Name (type: string)

$Message (type: string)

$__binLength (type: integer)

$binary (type: string)

9

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

10

task_0

opcode_128

-

10

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

11

task_0

opcode_192

-

11

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

12

task_0

opcode_128

-

12

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

13

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

13

task_0

opcode_128

-

$Username (type: string)

$__binLength (type: integer)

$binary (type: string)

14

task_0

opcode_128

-

$Username (type: string)

$__binLength (type: integer)

$binary (type: string)

14

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

15

task_0

opcode_128

-

$NeededSize (type: string)

$ActualSize (type: string)

$ClientProcessID (type: string)

$RequiredSize (type: string)

$__binLength (type: integer)

$binary (type: string)

15

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

16

task_0

opcode_192

-

$Username (type: string)

$__binLength (type: integer)

$binary (type: string)

16

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

17

task_0

opcode_192

-

$Forest (type: string)

$__binLength (type: integer)

$binary (type: string)

17

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

18

task_0

opcode_128

-

$Luid (type: string)

$ClientPrincipalName (type: string)

$ServicePrincipalName (type: string)

$TicketFlags (type: string)

$StartTime (type: string)

$EndTime (type: string)

$RenewUntil (type: string)

$ErrorCode (type: string)

18

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

19

task_0

opcode_128

-

$ErrorCode (type: string)

19

task_0

-

-

$Error (type: string)

$__binLength (type: integer)

$binary (type: string)

20

task_0

opcode_128

-

$DomainName (type: string)

$ErrorCode (type: string)

100

task_0

-

ERROR

$SPN (type: string)

$ErrorCode (type: integer)

101

task_0

-

ERROR

$SPN (type: string)

$ErrorCode (type: integer)

102

task_0

-

ERROR

$DomainController (type: string)

$ErrorCode (type: integer)

103

task_0

-

ERROR

$ClientUpn (type: string)

$ErrorCode (type: integer)

104

task_0

-

ERROR

$TargetDomain (type: string)

$ErrorCode (type: integer)

105

task_0

-

ERROR

$LuidHighPart (type: integer)

$LuidLowPart (type: integer)

$DomainName (type: string)

$UserName (type: string)

$Refresh (type: boolean)

$CurrentFileTime (type: string)

$ErrorCode (type: integer)

106

task_0

-

ERROR

$ErrorCode (type: integer)

107

task_0

-

ERROR

$ExpectedDomainName (type: string)

$ErrorCode (type: integer)

108

task_0

-

ERROR

$ServerName (type: string)

$ServerPort (type: integer)

$ServerVdir (type: string)

$ErrorCode (type: integer)

$Status (type: integer)

109

task_0

-

ERROR

$Proxy (type: string)

$ProxyBypass (type: string)

$ProxyEpoch (type: integer)

$SupportedSchemes (type: integer)

$FirstScheme (type: integer)

$DigestCredInitialized (type: boolean)

$DigestCredDomainAndUserName (type: string)

$DigestCredEpoch (type: integer)

$BasicCredInitialized (type: boolean)

$BasicCredDomainAndUserName (type: string)

$BasicCredEpoch (type: integer)

200

task_0

-

WARNING

$TargetDomain (type: string)

$ErrorCode (type: integer)

201

task_0

-

WARNING

$TargetName (type: string)

$UserName (type: string)

$DomainName (type: string)

$CallerPID (type: integer)

$ProcessName (type: string)

$ClientLUID (type: string)

$ClientUserName (type: string)

$ClientDomainName (type: string)

$MechanismOID (type: string)

202

task_0

-

WARNING

$TargetName (type: string)

$UserName (type: string)

$DomainName (type: string)

$CallerPID (type: integer)

$ProcessName (type: string)

$ClientLUID (type: string)

$ClientUserName (type: string)

$ClientDomainName (type: string)

$MechanismOID (type: string)

203

task_0

-

WARNING

300

task_0

-

INFO

$DomainController (type: string)

$TargetDomain (type: string)

301

task_0

-

INFO

$Target (type: string)

302

task_0

-

INFO

$DomainController (type: string)

$TargetDomain (type: string)

$DesiredFlags (type: integer)

$CacheFlags (type: integer)

$ErrorCode (type: integer)

303

task_0

-

INFO

$LuidHighPart (type: integer)

$LuidLowPart (type: integer)

$DomainName (type: string)

$UserName (type: string)

$UpdateCurrent (type: boolean)

$UpdateOld (type: boolean)

$Refresh (type: boolean)

$LastFileTime (type: string)

$CurrentFileTime (type: string)

Microsoft-Windows-Security-Netlogon

4004

BlockingNTLM

-

WARNING

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

4005

BlockingNTLM

-

WARNING

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

4006

BlockingNTLM

-

WARNING

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

8004

AuditingNTLM

-

INFO

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

8005

AuditingNTLM

-

INFO

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

8006

AuditingNTLM

-

INFO

$SChannelName (type: string)

$UserName (type: string)

$DomainName (type: string)

$WorkstationName (type: string)

$SChannelType (type: integer)

9000

MSA

-

ERROR

$AccountName (type: string)

$AccountDomain (type: string)

$Status (type: integer)

9001

MSA

-

ERROR

$Account (type: string)

9002

MSA

-

ERROR

$Account (type: string)

$Status (type: integer)

9003

MSA

-

ERROR

$Account (type: string)

$Status (type: integer)

9004

LOCATOR

-

WARNING

$RequestsRejected (type: integer)

Microsoft-Windows-Security-Vault

100

VaultPerformance

win:Start

INFO

101

VaultPerformance

win:Stop

INFO

102

VaultPerformance

win:Start

INFO

103

VaultPerformance

win:Stop

INFO

104

VaultPerformance

win:Start

INFO

105

VaultPerformance

win:Stop

INFO

106

VaultPerformance

win:Start

INFO

107

VaultPerformance

win:Stop

INFO

108

VaultPerformance

win:Start

INFO

109

VaultPerformance

win:Stop

INFO

110

VaultPerformance

win:Start

INFO

111

VaultPerformance

win:Stop

INFO

Microsoft-Windows-SmbWmiProvider

0

task_0

-

ERROR

$FunctionName (type: string)

$MiError (type: integer)

$Win32Error (type: integer)

1

task_0

-

ERROR

$Message (type: string)

Microsoft-Windows-Time-Service

1

task_0

-

ERROR

$TimeProvider (type: string)

$ErrorMessage (type: string)

2

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

3

task_0

-

INFO

$TimeProvider (type: string)

$ErrorMessage (type: string)

4

task_0

-

ERROR

$TimeProvider (type: string)

$ErrorMessage (type: string)

5

task_0

-

ERROR

$TimeProvider (type: string)

$ErrorMessage (type: string)

6

task_0

-

WARNING

$ErrorMessage (type: string)

7

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

8

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

9

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

10

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

11

task_0

-

WARNING

12

task_0

-

WARNING

13

task_0

-

WARNING

14

task_0

-

WARNING

$RetryMinutes (type: string)

15

task_0

-

WARNING

$ErrorMessage (type: string)

16

task_0

-

WARNING

$ManualPeer (type: string)

$ErrorMessage (type: string)

17

task_0

-

WARNING

$ManualPeer (type: string)

$ErrorMessage (type: string)

$RetryMinutes (type: string)

18

task_0

-

WARNING

$Domain (type: string)

$ErrorMessage (type: string)

$RetryMinutes (type: string)

19

task_0

-

ERROR

$LogFile (type: string)

$ErrorMessage (type: string)

20

task_0

-

ERROR

$LogFile (type: string)

$ErrorMessage (type: string)

21

task_0

-

ERROR

22

task_0

-

WARNING

$Peer (type: string)

$ErrorMessage (type: string)

23

task_0

-

WARNING

$Peer (type: string)

$ErrorMessage (type: string)

24

task_0

-

WARNING

$DomainPeer (type: string)

$ErrorMessage (type: string)

25

task_0

-

WARNING

$DomainPeer (type: string)

$ErrorMessage (type: string)

26

task_0

-

WARNING

$DomainPeer (type: string)

27

task_0

-

WARNING

$DomainPeer (type: string)

28

task_0

-

WARNING

29

task_0

-

WARNING

$RetryMinutes (type: string)

30

task_0

-

WARNING

$ErrorMessage (type: string)

31

task_0

-

WARNING

32

task_0

-

WARNING

$ErrorMessage (type: string)

33

task_0

-

WARNING

$SystemTimeChangeSeconds (type: string)

34

task_0

-

ERROR

$SystemTimeChangeSeconds (type: integer)

$MaxSystemTimeChangeSeconds (type: integer)

$TimeSource (type: string)

35

task_0

-

INFO

$TimeSource (type: string)

$TimeSourceRefId (type: integer)

$CurrentStratumNumber (type: integer)

36

task_0

-

WARNING

$UnsynchronizedTimeSeconds (type: integer)

$TimeRemainingToSetLocalClockFreeRunningSeconds (type: integer)

37

task_0

-

INFO

$TimeSource (type: string)

38

task_0

-

WARNING

$TimeSource (type: string)

39

task_0

-

WARNING

40

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

41

task_0

-

WARNING

42

task_0

-

ERROR

43

task_0

-

WARNING

$TimeProvider (type: string)

$ErrorMessage (type: string)

44

task_0

-

ERROR

$ErrorMessage (type: string)

45

task_0

-

ERROR

$ErrorMessage (type: string)

46

task_0

-

ERROR

$ErrorMessage (type: string)

47

task_0

-

WARNING

$ManualPeer (type: string)

$ErrorMessage (type: string)

48

task_0

-

WARNING

$ManualPeer (type: string)

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

49

task_0

-

WARNING

$ErrorMessage (type: string)

50

task_0

-

WARNING

$TimeDifferenceMilliseconds (type: integer)

$TimeSampleSeconds (type: integer)

51

task_0

-

WARNING

$Peer (type: string)

$TimeDifferenceSeconds (type: string)

$TransmissionDelayMilliseconds (type: integer)

52

task_0

-

WARNING

$TimeOffsetSeconds (type: integer)

53

task_0

-

WARNING

$Peer (type: string)

54

task_0

-

ERROR

$ErrorMessage (type: string)

129

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

130

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

$DomainPeer (type: string)

131

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

$DomainPeer (type: string)

132

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

$DomainPeer (type: string)

$TimeSource (type: string)

133

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

134

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

$DomainPeer (type: string)

135

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

$DomainPeer (type: string)

$TimeSource (type: string)

136

task_0

-

WARNING

$ErrorMessage (type: string)

$RetryMinutes (type: integer)

137

task_0

-

INFO

$ManualPeer (type: string)

138

task_0

-

INFO

$DomainPeer (type: string)

139

task_0

-

INFO

140

task_0

-

WARNING

141

task_0

-

WARNING

142

task_0

-

WARNING

143

task_0

-

INFO

144

task_0

-

WARNING

145

task_0

-

WARNING

146

task_0

-

INFO

$ChainingCountRequests (type: integer)

$ChainLoggingRate (type: integer)

$ChainingCountSuccess (type: integer)

$ChainingCountFailure (type: integer)

147

task_0

-

-

148

task_0

-

-

149

task_0

-

-

150

task_0

-

-

151

task_0

-

-

152

task_0

-

-

153

task_0

-

-

154

task_0

-

-

156

task_0

-

WARNING

$ClientRID (type: integer)

$DomainPeer (type: string)

157

task_0

-

WARNING

$ClientAddress (type: string)

158

task_0

-

INFO

$TimeProvider (type: string)

159

task_0

-

WARNING

$ErrorMessage (type: string)

257

task_0

-

INFO

$CurrentTimeUTC (type: string)

$TickCount (type: integer)

$Configuration (type: string)

$TimeProviders (type: string)

$ClockRate (type: integer)

258

task_0

-

INFO

$CurrentTimeUTC (type: string)

$TickCount (type: integer)

$ErrorMessage (type: string)

259

task_0

-

INFO

$AllNtpServers (type: string)

$ChosenReferenceNtpServer (type: string)

$TickCount (type: integer)

$IFTSTMP (type: integer)

260

task_0

-

INFO

$Configuration (type: string)

$TimeProviders (type: string)

$LeapIndicator (type: integer)

$Stratum (type: integer)

$Precision (type: string)

$RootDelay (type: string)

$RootDispersion (type: string)

$ReferenceId (type: string)

$LastSuccessfulSyncTime (type: string)

$Source (type: string)

$PollInterval (type: integer)

$PhaseOffset (type: string)

$ClockRate (type: integer)

$StateMachine (type: integer)

$TimeSourceFlags (type: integer)

$ServerRole (type: integer)

$LastSyncError (type: integer)

$TimeSinceLastGoodSync (type: string)

$TickCount (type: integer)

261

task_0

-

INFO

$NewTime (type: string)

$OldTime (type: string)

$TickCount (type: integer)

262

task_0

-

INFO

$AdjustmentPPM (type: string)

$NewClockRate (type: integer)

$OldClockRate (type: integer)

$TickCount (type: integer)

$MinReportedAdjustmentPPM (type: string)

263

task_0

-

INFO

$Configuration (type: string)

$TimeProviders (type: string)

$TickCount (type: integer)

264

task_0

-

INFO

$AllNtpServers (type: string)

$TickCount (type: integer)

265

task_0

-

INFO

$TimeSource (type: string)

$TimeSourceRefId (type: string)

$LocalStratumNumber (type: integer)

$TickCount (type: integer)

266

task_0

-

INFO

$ReasonCode (type: integer)

$TickCount (type: integer)

272

task_0

-

INFO

$Enabled (type: integer)

$LeapSecondCount (type: integer)

$CurrentUtcOffset (type: integer)

$RuntimeStateAndSettingsConsistent (type: integer)

$NewestLeapSecondsList (type: string)

$TickCount (type: integer)

273

task_0

-

INFO

$Action (type: string)

$UtcTime (type: string)

$LocalTime (type: string)

$TimeProvider (type: string)

$TickCount (type: integer)

274

task_0

-

WARNING

$Action (type: string)

$UtcTime (type: string)

$LocalTime (type: string)

$TimeProvider (type: string)

$TickCount (type: integer)

275

task_0

-

WARNING

$UtcLeapSecondString (type: string)

$ErrorMessage (type: string)

$TickCount (type: integer)

276

task_0

-

WARNING

$Action (type: string)

$UtcTime (type: string)

$LocalTime (type: string)

$TimeProvider (type: string)

$TickCount (type: integer)

279

task_0

-

WARNING

$TickCount (type: integer)

280

task_0

-

WARNING

$RpcEndPointError (type: integer)

Microsoft-Windows-TPM-WMI

513

task_0

-

INFO

514

task_0

-

WARNING

$ErrorCode (type: string)

515

task_0

-

WARNING

516

task_0

-

INFO

517

task_0

-

WARNING

$HResult (type: integer)

518

task_0

-

INFO

$HResult (type: integer)

769

task_0

-

INFO

$OldOSManagedAuthLevel (type: integer)

$NewOSManagedAuthLevel (type: integer)

1025

task_0

-

INFO

1026

task_0

-

INFO

$ErrorCode (type: integer)

$StatusInformation (type: string)

1027

task_0

-

INFO

1028

task_0

-

INFO

1029

task_0

-

INFO

$ErrorCode (type: string)

1030

task_0

-

INFO

1031

task_0

-

INFO

$ErrorCode (type: string)

1032

task_0

-

ERROR

1281

task_0

-

INFO

1282

task_0

-

INFO

1537

task_0

-

INFO

$HealthAttestationServer (type: string)

1538

task_0

-

WARNING

$HealthAttestationServer (type: string)

$HResult (type: integer)

1539

task_0

-

WARNING

$HealthAttestationServer (type: string)

$HTTPStatus (type: integer)

$ServerResponse (type: string)

1793

task_0

-

INFO

1794

task_0

-

ERROR

Microsoft-Windows-UserModePowerService

1

RundownPlatformRole

-

INFO

$PlatformRole (type: integer)

2

RundownPowerScheme

-

INFO

$SchemeGuid (type: string)

3

RundownAcPowerSetting

-

INFO

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$ValueIndex (type: integer)

$Type (type: integer)

$DataSize (type: integer)

$Data (type: string)

4

RundownDcPowerSetting

-

INFO

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$ValueIndex (type: integer)

$Type (type: integer)

$DataSize (type: integer)

$Data (type: string)

5

AdaptiveDimTimeout

-

INFO

$Timeout (type: integer)

7

task_0

-

INFO

$Name (type: string)

8

RundownBatteryInformation

-

INFO

$DeviceName (type: string)

$ManufacturerName (type: string)

$ManufactureDay (type: integer)

$ManufactureMonth (type: integer)

$ManufactureYear (type: integer)

$SerialNumber (type: string)

$Capabilities (type: integer)

$Technology (type: integer)

$Pad (type: string)

$Chemistry (type: string)

$DesignCapacity (type: integer)

$FullChargeCapacity (type: integer)

$DefaultAlert1 (type: integer)

$DefaultAlert2 (type: integer)

$CriticalBias (type: integer)

$CycleCount (type: integer)

$GranularityScaleCount (type: integer)

$GranularityScale (type: string)

$UniqueId (type: string)

9

RundownBatteryStatus

-

INFO

$State (type: integer)

$Capacity (type: integer)

$Voltage (type: integer)

$Rate (type: integer)

$EstimatedRuntime (type: integer)

$UniqueId (type: string)

10

RundownBrightnessCapability

-

INFO

$BrightnessCapable (type: boolean)

11

RundownPowerSource

-

INFO

$AcOnline (type: boolean)

12

PowerSchemeChanged

-

INFO

$ProcessPath (type: string)

$ProcessPid (type: integer)

$OldSchemeGuid (type: string)

$NewSchemeGuid (type: string)

13

PowerMeterData

-

INFO

$MeterId (type: string)

$value (type: integer)

14

PowerMeterMetaData

-

INFO

$MeterId (type: string)

$SamplingPeriod (type: integer)

$MeterNameLength (type: integer)

$MeterName (type: string)

$MeteredHardwareCount (type: integer)

$MeteredHardwareName (type: string)

15

RundownOverrideConfiguration

-

INFO

$Flags (type: integer)

$ProcessorVendor (type: integer)

$ProcessorType (type: integer)

16

RundownOverridePowerSetting

-

INFO

$SchemeGuid (type: string)

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$Flags (type: integer)

$DataType (type: integer)

$DataSize (type: integer)

$Data (type: string)

16

RundownOverridePowerSetting

-

INFO

$SchemeGuid (type: string)

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$Flags (type: integer)

$DataType (type: integer)

$DataSize (type: integer)

$Data (type: string)

$ProfileGuid (type: string)

17

RundownPowerProfileSetting

-

INFO

$ProfileGuid (type: string)

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$SchemePersonalityGuid (type: string)

$Flags (type: integer)

$ValueIndex (type: integer)

$Type (type: integer)

$DataSize (type: integer)

$Data (type: string)

18

EnergyMeterData

-

INFO

$MeterId (type: string)

$AbsoluteEnergy (type: integer)

$AbsoluteTime (type: integer)

19

EnergyMeterMetaData

-

INFO

$MeterId (type: string)

$SamplingPeriod (type: integer)

$ChannelNameLength (type: integer)

$ChannelName (type: string)

22

ProvEngineTurnApply

-

INFO

$Turn (type: integer)

23

RundownConsoleSession

-

INFO

$SessionId (type: integer)

24

ConsoleSessionChange

-

INFO

$Event (type: integer)

$SessionId (type: integer)

25

RundownSessionUser

-

INFO

$UserContextToken (type: integer)

$SessionId (type: integer)

$UserSid (type: string)

26

SessionUserChange

-

INFO

$Event (type: integer)

$UserContextToken (type: integer)

$SessionId (type: integer)

$UserSid (type: string)

27

RundownSmartUserPresenceState

-

INFO

$Supported (type: boolean)

$GlobalUserPresent (type: boolean)

$UserPredictionMode (type: integer)

$MinConfidence (type: integer)

$SuspendCount (type: integer)

$LastUserAwayEndSystemTime (type: integer)

28

RundownSmartUserPresenceIntevals

-

INFO

$UserSid (type: string)

$IntervalCount (type: integer)

$AwayIntervals (type: integer)

28

RundownSmartUserPresenceIntevals

-

INFO

$UserSid (type: string)

$IntervalCount (type: integer)

$AwayIntervals (type: integer)

$Flags (type: integer)

29

SmartUserPresenceIntervalsSet

-

INFO

$UserSid (type: string)

$IntervalCount (type: integer)

$AwayIntervals (type: integer)

29

SmartUserPresenceIntervalsSet

-

INFO

$UserSid (type: string)

$IntervalCount (type: integer)

$AwayIntervals (type: integer)

$Flags (type: integer)

30

SmartUserPresenceIntevalsClear

-

INFO

$UserSid (type: string)

31

SmartUserPresencePrediction

-

INFO

$UserAwayEndSystemTime (type: integer)

32

SmartUserPresenceSuspendResume

-

INFO

$Suspend (type: boolean)

$SuspendCount (type: integer)

$GlobalUserPresent (type: boolean)

$UserPredictionMode (type: integer)

33

SmartUserPresenceTimeUpdate

-

INFO

$SystemTimeShift (type: integer)

34

SleepStudySleepSession

win:Start

INFO

$Type (type: integer)

$Id (type: integer)

35

SleepStudySleepSession

win:Stop

INFO

$Type (type: integer)

$Id (type: integer)

$ErrorCode (type: integer)

36

SleepStudySleepSession

TooShort

INFO

$Type (type: integer)

$Id (type: integer)

37

SleepStudySleepSessionRelogging

win:Start

INFO

$Type (type: integer)

$Id (type: integer)

38

SleepStudySleepSessionRelogging

win:Stop

INFO

$Type (type: integer)

$Id (type: integer)

$ErrorCode (type: integer)

39

SleepStudySleepSessionRelogging

PassStart

INFO

$Type (type: integer)

$Id (type: integer)

40

SleepStudySleepSessionRelogging

PassStop

INFO

$Type (type: integer)

$Id (type: integer)

$ErrorCode (type: integer)

41

SleepStudySleepSessionRelogging

MissingStart

ERROR

$Type (type: integer)

$Id (type: integer)

42

SleepStudySleepSessionRelogging

MissingStop

ERROR

$Type (type: integer)

$Id (type: integer)

$ErrorCode (type: integer)

43

BrightnessAndTransitionTimes

-

INFO

$EffectiveBrightnessPercentage (type: integer)

$EffectiveBrightnessMillinits (type: integer)

$NewBrightnessTransitionTime (type: integer)

$DimmingTransitionTime (type: integer)

$DimmedBrightnessPercentage (type: integer)

$DimmedBrightnessMillinits (type: integer)

$NewDimmedTransitionTime (type: integer)

$UnDimmingTransitionTime (type: integer)

44

AdaptiveStandby

BatteryReserveAction

INFO

$TimeInStandby (type: integer)

$RemainingBatteryPercentage (type: integer)

$RemainingBatteryTime (type: integer)

$ReserveBatteryTime (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

44

AdaptiveStandby

BatteryReserveAction

INFO

$TimeInStandby (type: integer)

$GracePeriod (type: integer)

$RemainingBatteryPercentage (type: integer)

$RemainingBatteryTime (type: integer)

$ReserveBatteryTime (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

44

AdaptiveStandby

BatteryReserveAction

INFO

$TimeInStandby (type: integer)

$GracePeriod (type: integer)

$RemainingBatteryPercentage (type: integer)

$RemainingBatteryTime (type: integer)

$ReserveBatteryTime (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

$DataSources (type: integer)

45

AdaptiveStandby

StandbyBudgetAction

INFO

$TimeInStandby (type: integer)

$RemainingBatteryPercentage (type: integer)

$StandbyBatteryDrainPercentage (type: integer)

$BatteryDrainPercentageThreshold (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

45

AdaptiveStandby

StandbyBudgetAction

INFO

$TimeInStandby (type: integer)

$GracePeriod (type: integer)

$RemainingBatteryPercentage (type: integer)

$StandbyBatteryDrainPercentage (type: integer)

$BatteryDrainPercentageThreshold (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

45

AdaptiveStandby

StandbyBudgetAction

INFO

$TimeInStandby (type: integer)

$GracePeriod (type: integer)

$RemainingBatteryPercentage (type: integer)

$StandbyBatteryDrainPercentage (type: integer)

$BatteryDrainPercentageThreshold (type: integer)

$ExecuteAction (type: boolean)

$RejectReason (type: integer)

$DataSources (type: integer)

46

AdaptiveStandby

StandbyBudgetReset

INFO

$ActualTimeRange (type: integer)

$RemainingBatteryPercentage (type: integer)

47

AdaptiveStandby

SrumFailure

INFO

$Action (type: integer)

$Error (type: integer)

48

GpuAdapterCount

-

INFO

$Id (type: integer)

$GpuCount (type: integer)

49

RundownOverlaySchemePowerSetting

-

INFO

$OverlaySchemeGuid (type: string)

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$Flags (type: integer)

$ValueIndex (type: integer)

$Type (type: integer)

$DataSize (type: integer)

$Data (type: string)

50

RundownActualOverlayPowerScheme

-

INFO

$SchemeGuid (type: string)

50

RundownActualOverlayPowerScheme

-

INFO

$SchemeGuid (type: string)

$AcOverlay (type: boolean)

51

OverlayPowerSchemeChanged

-

INFO

$ProcessPath (type: string)

$ProcessPid (type: integer)

$OldSchemeGuid (type: string)

$NewSchemeGuid (type: string)

52

RundownEffectiveOverlayPowerScheme

-

INFO

$SchemeGuid (type: string)

53

RundownOverlaySuspendReason

-

INFO

$Reason (type: integer)

54

OverlaySuspendResume

-

INFO

$Reason (type: integer)

$Suspend (type: boolean)

55

OverrideDllSettingsUpdate

-

INFO

56

OverrideDllPowerSetting

-

INFO

$SchemeGuid (type: string)

$SubgroupGuid (type: string)

$SettingGuid (type: string)

$Flags (type: integer)

$DataType (type: integer)

$DataSize (type: integer)

$Data (type: string)

$ProfileGuid (type: string)

57

AdaptiveStandby

win:Start

INFO

$Reason (type: integer)

58

AdaptiveStandby

win:Stop

INFO

$Reason (type: integer)

Microsoft-Windows-VerifyHardwareSecurity

3001

CheckGeneric

reportCheck

INFO

$CurrentCheckBit (type: integer)

3002

CheckSecureBootEnabled

securebootEnabledFailedCheck

ERROR

3003

CheckSecureBootEnabled

securebootEnabledFailedToCheck

WARNING

$hr (type: integer)

3004

CheckCertificates

certsFailedCheck

ERROR

$name (type: string)

$database (type: string)

$bytes (type: string)

3005

CheckCertificates

certsFailedToCheck

WARNING

$hr (type: integer)

3006

CheckSecureBootPolicy

securebootPolicyFailedCheck

ERROR

3007

CheckSecureBootPolicy

securebootPolicyFailedToCheck

WARNING

$hr (type: integer)

3008

CheckHostLockdownPolicy

HostLockdownCheck

INFO

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$InternalName (type: string)

3009

CheckHostLockdownPolicy

HostLockdownCheck

ERROR

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$InternalName (type: string)

$hr (type: integer)

3010

CheckHostLockdownPolicy

HostLockdownCheck

ERROR

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$InternalName (type: string)

3011

CheckHostLockdownPolicy

HostLockdownCheck

ERROR

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$hr (type: integer)

3012

CheckHostLockdownPolicy

HostLockdownCheck

INFO

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$InternalName (type: string)

3013

CheckHostLockdownPolicy

HostLockdownCheck

INFO

$HostProvider (type: string)

$ModulePath (type: string)

$Method (type: string)

$InternalName (type: string)

Microsoft-Windows-WindowsUpdateClient

16

AutomaticUpdates

CheckforUpdates

WARNING

17

AutomaticUpdates

Download

INFO

$updatelist (type: string)

18

AutomaticUpdates

Download

INFO

$schedinstalldate (type: string)

$schedinstalltime (type: string)

$updatelist (type: string)

19

WindowsUpdateAgent

Installation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

19

WindowsUpdateAgent

Installation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

20

WindowsUpdateAgent

Installation

ERROR

$errorCode (type: string)

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

20

WindowsUpdateAgent

Installation

ERROR

$errorCode (type: string)

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

21

AutomaticUpdates

Reboot

INFO

$updatelist (type: string)

22

AutomaticUpdates

Reboot

INFO

$restarttime (type: string)

$updatelist (type: string)

23

WindowsUpdateAgent

Uninstallation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

23

WindowsUpdateAgent

Uninstallation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

24

WindowsUpdateAgent

Uninstallation

ERROR

$errorCode (type: string)

$updatelist (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

24

WindowsUpdateAgent

Uninstallation

ERROR

$errorCode (type: string)

$updatelist (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

25

WindowsUpdateAgent

CheckforUpdates

ERROR

$errorCode (type: string)

25

WindowsUpdateAgent

CheckforUpdates

ERROR

$errorCode (type: string)

$serviceGuid (type: string)

26

WindowsUpdateAgent

CheckforUpdates

INFO

$updateCount (type: integer)

26

WindowsUpdateAgent

CheckforUpdates

INFO

$updateCount (type: integer)

$serviceGuid (type: string)

27

WindowsUpdateAgent

StateChange

INFO

28

WindowsUpdateAgent

StateChange

INFO

29

WindowsUpdateAgent

StateChange_1_17

WARNING

30

WindowsUpdateAgent

StateChange_1_17

INFO

31

WindowsUpdateAgent

Download

ERROR

$errorCode (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

31

WindowsUpdateAgent

Download

ERROR

$updateTitle (type: string)

$errorCode (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

32

WindowsUpdateAgent

StateChange_1_17

INFO

$serverName (type: string)

33

WindowsUpdateAgent

StateChange_1_17

INFO

$serverName (type: string)

34

WindowsUpdateAgent

SelfUpdate

WARNING

$errorCode (type: string)

35

WindowsUpdateAgent

SelfUpdate

WARNING

$errorCode (type: string)

36

WindowsUpdateAgent

SelfUpdate

INFO

$version1 (type: string)

$version2 (type: string)

37

WindowsUpdateAgent

SelfUpdate

INFO

$version1 (type: string)

$version2 (type: string)

38

WindowsUpdateAgent

StateChange_1_17

INFO

39

WindowsUpdateAgent

StateChange_1_17

INFO

40

WindowsUpdateAgent

StateChange_1_17

INFO

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

40

WindowsUpdateAgent

StateChange_1_17

INFO

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

41

WindowsUpdateAgent

Download

INFO

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

41

WindowsUpdateAgent

Download

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

42

AutomaticUpdates

Other

INFO

$hc_stateid (type: integer)

$restartDate (type: string)

$restartTime (type: string)

43

WindowsUpdateAgent

Installation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

43

WindowsUpdateAgent

Installation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

44

WindowsUpdateAgent

Download

INFO

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

44

WindowsUpdateAgent

Download

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

209

WindowsUpdateAgent

win:Start

INFO

$pdcActivationId (type: integer)

$description (type: string)

$accessType (type: integer)

$isInteractiveOrAPIDriven (type: boolean)

$stopIdleTimer (type: boolean)

$networkRefCount (type: integer)

$systemRefCount (type: integer)

210

WindowsUpdateAgent

-

INFO

$pdcActivationId (type: integer)

$description (type: string)

$accessType (type: integer)

$isInteractiveOrAPIDriven (type: boolean)

$stopIdleTimer (type: boolean)

$networkRefCount (type: integer)

$systemRefCount (type: integer)

211

WindowsUpdateAgent

win:Stop

INFO

$pdcActivationId (type: integer)

$description (type: string)

$accessType (type: integer)

$isInteractiveOrAPIDriven (type: boolean)

$stopIdleTimer (type: boolean)

$networkRefCount (type: integer)

$systemRefCount (type: integer)

212

WindowsUpdateAgent

Revert

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

$serviceGuid (type: string)

213

WindowsUpdateAgent

Revert

ERROR

$errorCode (type: string)

$updatelist (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

214

WindowsUpdateAgent

Revert

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

215

WindowsUpdateAgent

Uninstallation

INFO

$updateTitle (type: string)

$updateGuid (type: string)

$updateRevisionNumber (type: integer)

Microsoft-Windows-WMI-Activity

1

task_0

-

INFO

$GroupOperationId (type: integer)

$OperationId (type: integer)

$Operation (type: string)

$ClientMachine (type: string)

$User (type: string)

$ClientProcessId (type: integer)

$NamespaceName (type: string)

2

task_0

-

INFO

$GroupOperationId (type: integer)

$Operation (type: string)

$ProviderName (type: string)

$ProviderGuid (type: string)

$Path (type: string)

3

task_0

-

INFO

$OperationId (type: integer)

11

task_0

-

INFO

$CorrelationId (type: string)

$GroupOperationId (type: integer)

$OperationId (type: integer)

$Operation (type: string)

$ClientMachine (type: string)

$ClientMachineFQDN (type: string)

$User (type: string)

$ClientProcessId (type: integer)

$ClientProcessCreationTime (type: integer)

$NamespaceName (type: string)

$IsLocal (type: boolean)

12

task_0

-

INFO

$GroupOperationId (type: integer)

$Operation (type: string)

$HostId (type: integer)

$ProviderName (type: string)

$ProviderGuid (type: string)

$Path (type: string)

13

task_0

-

INFO

$OperationId (type: integer)

$ResultCode (type: string)

14

task_0

-

INFO

$OperationId (type: integer)

$Operation (type: string)

$Channel (type: integer)

$Message (type: string)

15

task_0

-

INFO

$OperationId (type: integer)

$Operation (type: string)

$ErrorId (type: string)

$ErrorCategory (type: integer)

$Message (type: string)

$TargetName (type: string)

16

task_0

-

INFO

$OperationId (type: integer)

$Operation (type: string)

$ErrorId (type: string)

$Message (type: string)

17

task_0

-

INFO

$CorrelationId (type: string)

$ProcessId (type: integer)

$Protocol (type: string)

$Operation (type: string)

$User (type: string)

$Namespace (type: string)

18

task_0

-

INFO

$ConsumerType (type: string)

$PossibleCause (type: string)

19

task_0

-

INFO

$OperationID (type: integer)

$Operation (type: string)

$ClientProcessId (type: integer)

$ClientMachineFQDN (type: string)

$ClientProcessCreationTime (type: integer)

$IsLocal (type: boolean)

20

task_0

-

INFO

$OperationID (type: integer)

$Operation (type: string)

$Flags (type: integer)

$ClientProcessId (type: integer)

$ClientMachineFQDN (type: string)

$ClientProcessCreationTime (type: integer)

$IsLocal (type: boolean)

21

task_0

-

INFO

$ConsumerType (type: string)

$PossibleCause (type: string)

22

task_0

-

INFO

$CorrelationId (type: string)

$GroupOperationId (type: integer)

$OperationId (type: integer)

$ClassName (type: string)

$MethodName (type: string)

$ImplementationClass (type: string)

$ClientMachine (type: string)

$ClientMachineFQDN (type: string)

$User (type: string)

$ClientProcessId (type: integer)

$ClientProcessCreationTime (type: integer)

$NamespaceName (type: string)

$IsLocal (type: boolean)

23

task_0

-

INFO

$CorrelationId (type: string)

$GroupOperationId (type: integer)

$OperationId (type: integer)

$Commandline (type: string)

$CreatedProcessId (type: integer)

$CreatedProcessCreationTime (type: integer)

$ClientMachine (type: string)

$ClientMachineFQDN (type: string)

$User (type: string)

$ClientProcessId (type: integer)

$ClientProcessCreationTime (type: integer)

$IsLocal (type: boolean)

50

task_0

-

INFO

100

task_0

-

-

$ComponentName (type: string)

$MessageDetail (type: string)

$FileName (type: string)

101

task_0

-

ERROR

$ComponentName (type: string)

$ErrorId (type: string)

$ErrorDetail (type: string)

$FileName (type: string)

5857

task_0

-

-

$ProviderName (type: string)

$Code (type: string)

$HostProcess (type: string)

$ProcessID (type: integer)

$ProviderPath (type: string)

5858

task_0

-

ERROR

$Id (type: string)

$ClientMachine (type: string)

$User (type: string)

$ClientProcessId (type: integer)

$Component (type: string)

$Operation (type: string)

$ResultCode (type: string)

$PossibleCause (type: string)

5859

task_0

-

-

$NamespaceName (type: string)

$Query (type: string)

$User (type: string)

$processid (type: integer)

$providerName (type: string)

$queryid (type: integer)

$PossibleCause (type: string)

5860

task_0

-

-

$NamespaceName (type: string)

$Query (type: string)

$User (type: string)

$processid (type: integer)

$MachineName (type: string)

$PossibleCause (type: string)

5861

task_0

-

-

$Namespace (type: string)

$ESS (type: string)

$CONSUMER (type: string)

$PossibleCause (type: string)

Microsoft-Windows-WMI

4

task_0

opcode_192

-

10

task_0

opcode_192

-

21

task_0

opcode_192

-

22

task_0

opcode_192

-

23

task_0

opcode_192

-

24

task_0

opcode_192

-

25

task_0

opcode_192

-

28

task_0

opcode_192

-

29

task_0

opcode_192

-

43

task_0

opcode_192

-

48

task_0

opcode_192

-

58

task_0

opcode_192

-

59

task_0

opcode_192

-

63

task_0

opcode_128

-

65

task_0

opcode_192

-

66

task_0

opcode_192

-

67

task_0

-

INFO

$BackupFile (type: string)

67

task_0

opcode_192

-

68

task_0

-

INFO

$BackupFile (type: string)

$Error (type: string)

68

task_0

opcode_192

-

5600

task_0

opcode_64

-

5601

task_0

opcode_192

-

5602

task_0

opcode_192

-

5604

task_0

opcode_192

-

5605

task_0

opcode_192

-

5606

task_0

opcode_192

-

5611

task_0

opcode_192

-

5612

task_0

opcode_192

-

5614

task_0

opcode_192

-

5615

task_0

opcode_192

-

5616

task_0

opcode_192

-

5617

task_0

opcode_192

-

5631

task_0

opcode_192

-