• hunter

SPLUNK PILL 101-#AA01-External device

source="WinEventLog:Security" AND EventCode="6416"

| table "Account Name", "Device Name", "Class Name", "Device ID", "Vendor ID"


Short prescription


Based on event ID: 6416 which inform us about detection of new external device connected to the system.

Check Vendor ID, and discover what kind of device we are dealing.

Quite noisy

Raise event for any kind of devices.


23 views0 comments

Recent Posts

See All