System32
Sysmon
Events
Compliance
Validator
TLS/SSL
GeoIP
Tools
EventSentry Events
Source
EventSentry
(2)
Category
Process Monitoring
(2)
Tags
AppLocker
All AppLocker events
EventSentry
All EventSentry events
Security
All Windows Security events
Sysmon
All Sysmon events
ID
Event Message
10410
A new process is listening for incoming TCP connections: Process Name: %1 (PID=%2) Local TCP Port: %3 Local Address: %4 Note: Connection requests may be blocked if a firewall is active.
10411
A process previously listening for incoming TCP connections is no longer actively listening on this port: Process Name: %1 (PID=%2) Local TCP Port: %3 Local Address: %4