Event ID 21

Consumer binds to a WMI filter

Source:

Microsoft-Windows-Sysmon

Category:

WmiEventConsumerToFilter activity detected

WmiEventConsumerToFilter activity detected:
    RuleName: %1!s!
    EventType: %2!s!
    UtcTime: %3!s!
    Operation: %4!s!
    User: %5!s!
    Consumer: %6!s!
    Filter: %7!s!

When a consumer binds to a filter, this event logs the consumer name and filter path.

LEFT/RIGHT arrow keys for navigation

Back to List