Type: Failure Audit
The Windows Filtering Platform blocked a packet.
Process ID: 4
Application Name: System
Source Address: 126.96.36.199
Source Port: 138
Destination Address: 192.168.1.1
Destination Port: 138
Filter Run-Time ID: 0
Layer Name: Receive/Accept
Layer Run-Time ID: 44
This event indicates that the Windows Firewall blocked network traffic to or from this computer. The traffic is not explicitly allowed, and the administrator should analyze the reported information and decide whether it is legitimate. The event provides information about the application or service that sent the packet, the destination of the packet, the protocol type and the port numbers (source and destination; the destination port is the relevant one). The protocol is given by its number: for example, UDP is protocol 17 and TCP is protocol 6. You can look up the protocol in the "TCP/IP Ports" section of www.eventid.net.
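An added example (not from EventID.Net or Microsoft) that parses the description text of this event into fields, maps the protocol number to a name as described above, and counts blocked packets per application, protocol and destination port so recurring blocks stand out for review. The sample events are constructed; the `Protocol` line and the names `parse_event` and `summarize` are assumptions of this example.

```python
import re
from collections import Counter

# Protocol numbers: the page cites 6 (TCP) and 17 (UDP); 1 (ICMP) is added here.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

# "Name: value" lines; the name never contains a colon, so IPv6 values survive.
FIELD_RE = re.compile(r"^[ \t]*([A-Za-z][A-Za-z /-]*?):[ \t]*(.*)$", re.M)

# Constructed template and sample events (documentation addresses, not real logs).
# Assumption: the message carries a "Protocol" line holding the protocol number.
TEMPLATE = (
    "The Windows Filtering Platform blocked a packet.\r\n"
    "Process ID: {pid}\r\nApplication Name: {app}\r\n"
    "Source Address: {src}\r\nSource Port: {sport}\r\n"
    "Destination Address: {dst}\r\nDestination Port: {dport}\r\n"
    "Protocol: {proto}\r\nLayer Name: Receive/Accept\r\n"
)
SAMPLES = [
    TEMPLATE.format(pid=4, app="System", src="192.0.2.10", sport=138,
                    dst="192.0.2.255", dport=138, proto=17),
    TEMPLATE.format(pid=4, app="System", src="192.0.2.11", sport=138,
                    dst="192.0.2.255", dport=138, proto=17),
    TEMPLATE.format(pid=912, app=r"\device\harddiskvolume2\example\agent.exe",
                    src="2001:db8::5", sport=50122, dst="2001:db8::1",
                    dport=445, proto=6),
    TEMPLATE.format(pid=4, app="System", src="198.51.100.7", sport=0,
                    dst="192.0.2.20", dport=0, proto=47),
]

def parse_event(message):
    """Turn the 'Name: value' lines of one event message into a dict."""
    fields = {name: value.strip() for name, value in FIELD_RE.findall(message)}
    proto = fields.get("Protocol", "")
    if proto.isdigit():
        # Unknown numbers are kept visible instead of being dropped.
        fields["Protocol Name"] = PROTOCOLS.get(int(proto), f"protocol {proto}")
    else:
        fields["Protocol Name"] = "unknown"
    return fields

def summarize(messages):
    """Count blocked packets per (application, protocol, destination port)."""
    counts = Counter()
    for message in messages:
        f = parse_event(message)
        counts[(f.get("Application Name", "?"), f["Protocol Name"],
                f.get("Destination Port", "?"))] += 1
    return counts.most_common()

if __name__ == "__main__":
    for key, n in summarize(SAMPLES):
        print(n, *key)
```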