Event Details
Operating System->Microsoft Windows->Application logs->Sysinternals->Microsoft-Windows-Sysmon/Operational->EventID 3 - Network connection detected
EventID 3 - Network connection detected
 Sample:
Network connection detected:
    RuleName: %1!s!
    UtcTime: %2!s!
    ProcessGuid: %3!s!
    ProcessId: %4!s!
    Image: %5!s!
    User: %6!s!
    Protocol: %7!s!
    Initiated: %8!s!
    SourceIsIpv6: %9!s!
    SourceIp: %10!s!
    SourceHostname: %11!s!
    SourcePort: %12!s!
    SourcePortName: %13!s!
    DestinationIsIpv6: %14!s!
    DestinationIp: %15!s!
    DestinationHostname: %16!s!
    DestinationPort: %17!s!
    DestinationPortName: %18!s!
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Microsoft-Windows-Sysmon/Operational
Filtering Field Equals to Value
EventId 3
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
Source Name of an Application or System Service originating the event. Source Security
Type Warning, Information, Error, Success, Failure, etc. Type Success
User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
Computer Name of server workstation where event was logged. Computer DC1
EventID Numerical ID of event. Unique within one Event Source. EventId 576
Description The entire unparsed event message. Description Special privileges assigned to new logon.
Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
Process ID InsertionString4
Process Name InsertionString5
Image File Name InsertionString5
User_Name InsertionString6
Protocol InsertionString7
IP Address InsertionString10
Source Network Address InsertionString10
Workstation Name InsertionString11
Source Port InsertionString12
Destination InsertionString15
Target Address InsertionString15
Target Server Name InsertionString16
Target Port InsertionString17
Comments
You must be logged in to comment