12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621620465 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1498 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621620330 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x108c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621619957 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x108c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60053 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60053 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621620466 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1498 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621644 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A179 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621643 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A179 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60054 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621642 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A179 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60054 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60054 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60054 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621895 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A3C8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621894 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A4D8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621893 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A520 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=1621621892 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=1621621891 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621621890 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621889 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A5AD Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621888 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 60058 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60057 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60057 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621882 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A520 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.14 Source Port: 60056 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621881 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A520 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 60056 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60056 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 60056 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621877 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A4D8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621876 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A4D8 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621875 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A3C8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621874 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A3C8 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 60055 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60060 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60060 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418591 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1388 Process Name: C:\Windows\System32\conhost.exe Exit Status: 0x0 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418590 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1784 Process Name: C:\Windows\System32\SIHClient.exe Exit Status: 0x0 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418589 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1388 New Process Name: C:\Windows\System32\conhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x1784 Creator Process Name: C:\Windows\System32\SIHClient.exe Process Command Line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418588 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1784 New Process Name: C:\Windows\System32\SIHClient.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4a0 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\System32\sihclient.exe Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 52954 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49163 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 52542 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52376 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 54703 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60061 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60061 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 53945 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621622827 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60062 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60062 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60063 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60063 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418594 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1874 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418593 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x750 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418592 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x750 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418596 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1058 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60064 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60064 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418595 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1874 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418599 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x50c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418598 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x50c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418597 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1058 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418601 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xb10 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418600 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb10 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418604 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x14f8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418603 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1bb0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418602 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1bb0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418605 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x14f8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60065 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60065 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60066 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60066 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60067 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60067 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621624398 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\NETWORK SERVICE Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E4 Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Share Information: Share Name: \\*\IPC$ Share Path: Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 60068 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60069 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60069 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60070 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60070 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621624711 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x200 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621624710 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621625219 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x87c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621624858 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x358 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621624712 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x358 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621626107 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x88c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621625677 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1520 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621625620 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1520 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60071 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60071 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621625220 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x87c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621627220 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x151c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:1