Examples of 17

Log Name:      Microsoft-Windows-Sysmon/Operational
Source:        Microsoft-Windows-Sysmon
Date:          4/11/2018 9:07:26 AM
Event ID:      17
Task Category: Pipe Created (rule: PipeEvent)
Level:         Information
Keywords:     
User:          SYSTEM
Computer:      rfsh.lab.local
Description:
Pipe Created:
UtcTime: 2018-04-11 16:07:26.244
ProcessGuid: {c47a3e70-32bd-5ace-0000-0010b1f39501}
ProcessId: 19564
PipeName: \testpipe
Image: C:\Users\rsmith\source\repos\namedpipecreate\namedpipecreate\bin\Debug\namedpipecreate.exe

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
    <EventID>17</EventID>
    <Version>1</Version>
    <Level>4</Level>
    <Task>17</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-04-11T16:07:26.245490100Z" />
    <EventRecordID>59596</EventRecordID>
    <Correlation />
    <Execution ProcessID="7620" ThreadID="21808" />
    <Channel>Microsoft-Windows-Sysmon/Operational</Channel>
    <Computer>rfsh.lab.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="UtcTime">2018-04-11 16:07:26.244</Data>
    <Data Name="ProcessGuid">{C47A3E70-32BD-5ACE-0000-0010B1F39501}</Data>
    <Data Name="ProcessId">19564</Data>
    <Data Name="PipeName">\testpipe</Data>
    <Data
Name="Image">C:\Users\rsmith\source\repos\namedpipecreate\namedpipecreate\bin\Debug\namedpipecreate.exe</Data>
  </EventData>
</Event>

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection