System32
Sysmon
Events
Compliance
Validator
TLS/SSL
GeoIP
Tools
Sysmon Events
Source
Microsoft-Windows-Sysmon
(1)
Category
File created (rule: FileCreate)
(1)
Tags
AppLocker
All AppLocker events
EventSentry
All EventSentry events
Security
All Windows Security events
Sysmon
All Sysmon events
ID
Event Message
11
File created: RuleName: %1!s! UtcTime: %2!s! ProcessGuid: %3!s! ProcessId: %4!s! Image: %5!s! TargetFilename: %6!s! CreationUtcTime: %7!s! User: %8!s!