| Field | Description | Source | Example |
|---|---|---|---|
| When | The date and time at which a user activity originated in the system. | DateTime | 10.10.2000 19:00:00 |
| Who | Account or user name under which the activity occurred. | "Windows Filtering Platform" | Windows Filtering Platform |
| What | The type of activity that occurred (e.g. Logon, Password Changed, etc.) | "Connection blocked" | Connection blocked |
| Where | The name of the workstation/server where the activity was logged. | - | 10.10.10.10 |
| Where From | The name of the workstation/server where the activity was initiated from. | - | 10.10.10.10 |
| Severity | Specifies the seriousness of the event. | "Low" | Low |
| WhoDomain | | - | |
| WhereDomain | | - | |
| Process ID | | Application Information: Process ID | 1200 |
| Process Name | | Application Information: Application Name | `\device\harddiskvolume1\windows\system32\svchost.exe` |
| Direction | | Network Information: Direction | Inbound |
| Source Address | | Network Information: Source Address | ff02::1:3 |
| Source Port | | Network Information: Source Port | 5355 |
| Target Address | | Network Information: Destination Address | fe80::34cd:aa6a:d4da:913d |
| Target Port | | Network Information: Destination Port | 64245 |
| Protocol | | Network Information: Protocol | 17 |
| Filter ID | | Filter Information: Filter Run-Time ID | 0 |
| Layer Name | | Filter Information: Layer Name | Receive/Accept |
| Layer ID | | Filter Information: Layer Run-Time ID | 46 |
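
The mapping in the table above, as an added example (not code from the original page): a Python function that parses the event text into the table's field names and rejects a record when a mapped field is absent. The sectioned `Label: value` text layout, the `normalize` name and the `when`/`host` parameters are assumptions; the sample is constructed from the table's example values.

```python
FIELD_MAP = {  # "Section: Label" in the event text -> field name in the table
    "Application Information: Process ID": "Process ID",
    "Application Information: Application Name": "Process Name",
    "Network Information: Direction": "Direction",
    "Network Information: Source Address": "Source Address",
    "Network Information: Source Port": "Source Port",
    "Network Information: Destination Address": "Target Address",
    "Network Information: Destination Port": "Target Port",
    "Network Information: Protocol": "Protocol",
    "Filter Information: Filter Run-Time ID": "Filter ID",
    "Filter Information: Layer Name": "Layer Name",
    "Filter Information: Layer Run-Time ID": "Layer ID",
}

# Constructed sample built from the table's example values; the layout is an assumption.
SAMPLE = r"""Application Information:
    Process ID:             1200
    Application Name:       \device\harddiskvolume1\windows\system32\svchost.exe
Network Information:
    Direction:              Inbound
    Source Address:         ff02::1:3
    Source Port:            5355
    Destination Address:    fe80::34cd:aa6a:d4da:913d
    Destination Port:       64245
    Protocol:               17
Filter Information:
    Filter Run-Time ID:     0
    Layer Name:             Receive/Accept
    Layer Run-Time ID:      46
"""

def normalize(message, when, host):
    """Return the table's fields; `when` and `host` come from the collector (assumed)."""
    record = {"When": when, "Who": "Windows Filtering Platform",
              "What": "Connection blocked", "Where": host, "Where From": host,
              "Severity": "Low", "WhoDomain": "", "WhereDomain": ""}
    section = ""
    for line in message.splitlines():
        # Split on the first colon only, so IPv6 values keep their colons.
        label, sep, value = line.strip().partition(":")
        if sep and not line[0].isspace():
            section = label                      # unindented "Section:" header
        elif sep and (field := FIELD_MAP.get(f"{section}: {label}")):
            record[field] = value.strip()
    missing = sorted(set(FIELD_MAP.values()) - record.keys())
    if missing:                                  # fail loudly, never store a partial record
        raise ValueError(f"unmapped fields: {missing}")
    return record
```

Raising on a missing field surfaces a changed or localized message layout at parse time, before incomplete records reach the log store.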