Sysmon Event ID 17
17: Pipe created
This is an event from
Sysmon.
On this page
Free Security Log Resources by Randy
- Log Name
- Source
- Date
- Event ID
- Task Category
- Level
- Keywords
- User
- Computer
- Description
- Pipe Created
- UtcTime
- ProcessGuid
- ProcessId
- PipeName
- Image
Setup PowerShell Audit Log Forwarding in 4 Minutes
Log Name: Microsoft-Windows-Sysmon/Operational
Source: Microsoft-Windows-Sysmon
Date: 4/11/2018 9:07:26 AM
Event ID: 17
Task Category: Pipe Created (rule: PipeEvent)
Level: Information
Keywords:
User: SYSTEM
Computer: rfsh.lab.local
Description:
Pipe Created:
UtcTime: 2018-04-11 16:07:26.244
ProcessGuid: {c47a3e70-32bd-5ace-0000-0010b1f39501}
ProcessId: 19564
PipeName: \testpipe
Image: C:\Users\rsmith\source\repos\namedpipecreate\namedpipecreate\bin\Debug\namedpipecreate.exe
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
<EventID>17</EventID>
<Version>1</Version>
<Level>4</Level>
<Task>17</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2018-04-11T16:07:26.245490100Z" />
<EventRecordID>59596</EventRecordID>
<Correlation />
<Execution ProcessID="7620" ThreadID="21808" />
<Channel>Microsoft-Windows-Sysmon/Operational</Channel>
<Computer>rfsh.lab.local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="UtcTime">2018-04-11 16:07:26.244</Data>
<Data Name="ProcessGuid">{C47A3E70-32BD-5ACE-0000-0010B1F39501}</Data>
<Data Name="ProcessId">19564</Data>
<Data Name="PipeName">\testpipe</Data>
<Data
Name="Image">C:\Users\rsmith\source\repos\namedpipecreate\namedpipecreate\bin\Debug\namedpipecreate.exe</Data>
</EventData>
</Event>
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection