Type: Failure Audit
The Windows Filtering Platform has blocked a connection.
Process ID: 4
Application Name: System
Source Address: <LAN Broadcast Address>
Source Port: 138
Destination Address: <Client IP Address>
Destination Port: 138
Filter Run-Time ID: 0
Layer Name: Receive/Accept
Layer Run-Time ID: 44
The Windows Filtering Platform (WFP) provides auditing of firewall events, and this message is an example of the firewall blocking an application that was trying to connect over the network with a remote host. The event description includes details such as the name of the application, the network protocol (TCP/IP port) it tried to use, and the direction of the traffic (inbound vs. outbound). The administrator can use this information to determine whether this type of application should stay blocked or whether an exception has to be configured within the firewall to allow it.
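To show how those fields support the keep-blocked-or-allow decision, the following added example (not part of the original page) parses event descriptions in the format shown above and counts blocks per application, direction and destination port. It assumes that the layer name indicates direction ("Receive/Accept" for inbound, "Connect" for outbound); the second sample event and its application path are constructed for illustration.

```python
from collections import Counter

# Assumption (not stated on the page): the WFP layer name gives the direction.
LAYER_DIRECTION = {"Receive/Accept": "inbound", "Connect": "outbound"}

def parse_event(description):
    """Parse the 'Name: value' lines of one event description into a dict."""
    fields = {}
    for line in description.splitlines():
        # Split on the first colon only, so IPv6 addresses in values survive.
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    layer = fields.get("Layer Name", "")
    fields["Direction"] = LAYER_DIRECTION.get(layer, "unknown")
    return fields

def summarize(descriptions):
    """Count blocked connections per (application, direction, destination port)."""
    counts = Counter()
    for text in descriptions:
        ev = parse_event(text)
        key = (ev.get("Application Name", "?"), ev["Direction"],
               ev.get("Destination Port", "?"))
        counts[key] += 1
    return counts

# Event text as shown on this page (address placeholders kept as-is).
PAGE_EVENT = r"""The Windows Filtering Platform has blocked a connection.
Process ID: 4
Application Name: System
Source Address: <LAN Broadcast Address>
Source Port: 138
Destination Address: <Client IP Address>
Destination Port: 138
Layer Name: Receive/Accept"""

# Constructed sample: hypothetical application path, documentation-range IPs.
CONSTRUCTED_EVENT = r"""The Windows Filtering Platform has blocked a connection.
Application Name: \device\harddiskvolume2\tools\updater.exe
Source Address: 192.0.2.10
Destination Address: 192.0.2.200
Destination Port: 443
Layer Name: Connect"""

SAMPLE_EVENTS = [PAGE_EVENT, CONSTRUCTED_EVENT, PAGE_EVENT]

if __name__ == "__main__":
    for (app, direction, port), n in summarize(SAMPLE_EVENTS).most_common():
        print(f"{n:3d}  {direction:8s} port {port:5s} {app}")
```

Grouping repeated blocks this way separates recurring broadcast noise from a single application that may need a firewall exception.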