top of page

SPLUNK PILL 101-#AA01-External device

Writer's picture: hunterhunter

source="WinEventLog:Security" AND EventCode="6416"

| table "Account Name", "Device Name", "Class Name", "Device ID", "Vendor ID"


Short prescription


Based on event ID: 6416 which inform us about detection of new external device connected to the system.

Check Vendor ID, and discover what kind of device we are dealing.

Quite noisy

Raise event for any kind of devices.


40 views0 comments

Recent Posts

See All

Comments


Commenting has been turned off.

©2020 by malware-hunter. Proudly created by myself :)

bottom of page